Windows Analysis Report
registration.msi

Overview

General Information

Sample name: registration.msi
Analysis ID: 1561803
MD5: 62367ba07bdc8e7abdc94d2bbe076216
SHA1: 5f0f1c2d77230f41cbb65989f24868a6dc4c9cfc
SHA256: ed0ae67f36657cfe892fb58cc02b28f237ab5de0ed5f8cd902981dc892d7f737
Tags: msi, user-JAMESWT_MHT

Detection

AteraAgent
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AteraAgent
AI detected suspicious sample
Creates files in the system32 config directory
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Yara detected Generic Downloader
Abnormal high CPU Usage
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Uses net.exe to stop services
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • msiexec.exe (PID: 1340 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\registration.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 4788 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 5708 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 3D043D01D69573A731BD32BF0EBA042E MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • rundll32.exe (PID: 2032 cmdline: rundll32.exe "C:\Windows\Installer\MSIC4F9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4310406 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 4324 cmdline: rundll32.exe "C:\Windows\Installer\MSICAE6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4311812 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 4084 cmdline: rundll32.exe "C:\Windows\Installer\MSIE1CA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4317703 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 2084 cmdline: rundll32.exe "C:\Windows\Installer\MSIFFD7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4325359 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd MD5: 889B99C52A60DD49227C5E485A016679)
    • msiexec.exe (PID: 64 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding ED6036EDFA306B6AD29B763B80D7974F E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • net.exe (PID: 4852 cmdline: "NET" STOP AteraAgent MD5: 31890A7DE89936F922D44D677F681A7F)
        • conhost.exe (PID: 6424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net1.exe (PID: 5920 cmdline: C:\Windows\system32\net1 STOP AteraAgent MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
      • taskkill.exe (PID: 2812 cmdline: "TaskKill.exe" /f /im AteraAgent.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 5848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AteraAgent.exe (PID: 4064 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="1vf5mpi5iyis@upsnab.net" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Kh41eIAB" /AgentId="95fbc98a-3c27-44ae-84cf-9e3acc292491" MD5: 477293F80461713D51A98A24023D45E8)
  • AteraAgent.exe (PID: 800 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)
    • sc.exe (PID: 4544 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 3524 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "e8d80795-1e07-47b3-9c87-186f671b6a15" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB MD5: FD9DF72620BCA7C4D48BC105C89DFFD2)
      • conhost.exe (PID: 5672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 768 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "84e6126d-3464-4d76-9c19-0160eafb16a0" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB MD5: FD9DF72620BCA7C4D48BC105C89DFFD2)
      • conhost.exe (PID: 5788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 5728 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "e3e24934-4319-48e9-bf87-d4583f7e9574" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB MD5: FD9DF72620BCA7C4D48BC105C89DFFD2)
      • conhost.exe (PID: 4820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 4236 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "bafe3b2c-3bd0-4df3-abe5-6f6b048de27b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB MD5: FD9DF72620BCA7C4D48BC105C89DFFD2)
      • conhost.exe (PID: 5200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 2664 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "5da68ded-3041-4a37-bb29-975445cce246" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB MD5: FD9DF72620BCA7C4D48BC105C89DFFD2)
      • conhost.exe (PID: 2992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Windows\Temp\~DF3BCE62784648DF98.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF510E6906F6ABC59A.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF4630E950FA28A864.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DFF883924653294067.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |

Source | Rule | Description | Author | Strings
00000018.00000002.3591613381.00000140BF2C9000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000F.00000002.4733388042.000000D20C6F5000.00000004.00000010.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
00000018.00000002.3591758846.00000140BF2DB000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
00000018.00000002.3592387002.00000140BF5B0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
00000018.00000002.3591758846.00000140BF30D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |

Source | Rule | Description | Author | Strings
20.2.AgentPackageAgentInformation.exe.1fe49190000.1.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
13.0.AteraAgent.exe.1d0b8ff0000.0.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
20.0.AgentPackageAgentInformation.exe.1fe48960000.0.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
20.0.AgentPackageAgentInformation.exe.1fe48960000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
Source: Process started, Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding ED6036EDFA306B6AD29B763B80D7974F E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 64, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 4852, ProcessName: net.exe
Source: Process started, Author: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding ED6036EDFA306B6AD29B763B80D7974F E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 64, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 4852, ProcessName: net.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-24T11:15:44.624775+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49797 | 13.232.67.198 | 443 | TCP
2024-11-24T11:16:29.702443+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49906 | 13.232.67.198 | 443 | TCP
2024-11-24T11:16:46.524446+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49949 | 13.232.67.198 | 443 | TCP
2024-11-24T11:16:51.068572+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49963 | 13.232.67.198 | 443 | TCP
2024-11-24T11:16:56.139542+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49985 | 13.232.67.198 | 443 | TCP
2024-11-24T11:17:02.168754+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 50006 | 13.232.67.198 | 443 | TCP
2024-11-24T11:17:08.070982+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 50035 | 13.232.67.198 | 443 | TCP
2024-11-24T11:17:14.628336+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 50063 | 13.232.67.198 | 443 | TCP
2024-11-24T11:17:20.559847+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 50088 | 13.232.67.198 | 443 | TCP
2024-11-24T11:17:23.972063+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 50097 | 13.232.67.198 | 443 | TCP
2024-11-24T11:17:29.975402+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 50107 | 13.232.67.198 | 443 | TCP
2024-11-24T11:19:25.813655+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 50339 | 13.232.67.199 | 443 | TCP
2024-11-24T11:19:28.768515+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 50343 | 13.232.67.199 | 443 | TCP
2024-11-24T11:19:31.944034+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 50349 | 13.232.67.199 | 443 | TCP

AV Detection

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, ReversingLabs: Detection: 26%
Source: registration.msi, ReversingLabs: Detection: 28%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 96.6% probability
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                              Source: Binary string: mC:\Windows\Installer\MSICAE6.tmp-\AlphaControlAgentInstallation.pdbU source: rundll32.exe, 00000005.00000002.2338335084.00000000024D7000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: registration.msi, 41c382.msi.2.dr, MSIC4F9.tmp.2.dr, MSIFFD7.tmp.2.dr, MSICAE6.tmp.2.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000F.00000002.4753488973.0000025E6F162000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000F.00000002.4753488973.0000025E6F162000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.dr
                              Source: Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.2.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4750635024.0000025E6EB92000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.18.dr
                              Source: Binary string: \??\C:\Windows\Installer\MSICAE6.tmp-\AlphaControlAgentInstallation.pdb4 source: rundll32.exe, 00000005.00000002.2338894865.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: mC:\Windows\Installer\MSIFFD7.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000012.00000002.2481375475.00000000027F7000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdbes source: rundll32.exe, 00000012.00000002.2481662391.0000000002CEB000.00000004.00000020.00020000.00000000.sdmp
                              Source: C:\Windows\System32\msiexec.exe File opened: z:
                              Source: C:\Windows\System32\msiexec.exe File opened: x:
                              Source: C:\Windows\System32\msiexec.exe File opened: v:
                              Source: C:\Windows\System32\msiexec.exe File opened: t:
                              Source: C:\Windows\System32\msiexec.exe File opened: r:
                              Source: C:\Windows\System32\msiexec.exe File opened: p:
                              Source: C:\Windows\System32\msiexec.exe File opened: n:
                              Source: C:\Windows\System32\msiexec.exe File opened: l:
                              Source: C:\Windows\System32\msiexec.exe File opened: j:
                              Source: C:\Windows\System32\msiexec.exe File opened: h:
                              Source: C:\Windows\System32\msiexec.exe File opened: f:
                              Source: C:\Windows\System32\msiexec.exe File opened: b:
                              Source: C:\Windows\System32\msiexec.exe File opened: y:
                              Source: C:\Windows\System32\msiexec.exe File opened: w:
                              Source: C:\Windows\System32\msiexec.exe File opened: u:
                              Source: C:\Windows\System32\msiexec.exe File opened: s:
                              Source: C:\Windows\System32\msiexec.exe File opened: q:
                              Source: C:\Windows\System32\msiexec.exe File opened: o:
                              Source: C:\Windows\System32\msiexec.exe File opened: m:
                              Source: C:\Windows\System32\msiexec.exe File opened: k:
                              Source: C:\Windows\System32\msiexec.exe File opened: i:
                              Source: C:\Windows\System32\msiexec.exe File opened: g:
                              Source: C:\Windows\System32\msiexec.exe File opened: e:
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File opened: c:
                              Source: C:\Windows\System32\msiexec.exe File opened: a:

                              Networking

                              Source: Yara match File source: 20.0.AgentPackageAgentInformation.exe.1fe48960000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=af5bf701-7249-45e5-86be-19d8d9c83003&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=2437e5c2-c49a-46e7-85a0-5bd5b0f3e346&tt=0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=bf7ca070-0a55-4d8e-8d7a-52b5cb49f44c&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5acd82f0-57ae-41e0-85e3-b5cb80ee27df&tr=31&tt=17324433379477685&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?w8Q4MxnxsTU+y3lbIKhb1p3E6E9NGNGr43vM7ggjDRD5G9cDVa0pn3fF3kInqamc HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=dd31cbca-11f7-438d-95d1-0103076c3b19&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8a545e8a-5ca3-4586-95ee-223486bad101&tr=31&tt=17324433411580562&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a550ee73-b0e6-4203-86b7-33ebef664c1d&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3dabc9ca-50ca-4769-82eb-40791913b06c&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/,/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=82fdf8d4-8981-41b8-81dd-da3d6c848351&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=aa11bfe9-8289-42c2-be65-d6291fd164cf&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d06e9be8-9779-43f1-a370-eed925135e8d&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cc4be31c-7bd0-4546-8157-021785aaabf9&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e695b199-cbc9-44ed-b89a-77707fde66b0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7ad0a761-601d-4dfb-892a-87e5a80d8cfd&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=939e5a96-d596-4e59-936e-7ae5d28307cc&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=1c583dbc-af1e-4d45-80f1-003dabe8eea7&tt=0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e10b719b-981a-446e-ba23-7c69d7f94ded&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=15951373-2c36-4fa8-affe-36f2ec07b81f&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=44d081ca-4526-4116-82b9-755899f28369&tt=0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=2a3f0c53-5de8-4152-9013-693952c09124&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=1ddb02cf-39da-4196-a130-53d484e9194d&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=15a8e400-4d66-4396-85a9-a52c47560c82&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=01eea71f-f36d-4bce-8cd1-fb9075d78180&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b72bd97c-f6a1-480d-9594-461af2e421f4&tt=0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=3f56d55c-6ba5-4af1-9be1-2dea66d5d0f7&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5fe5955e-4d52-4f15-a999-10b126f5fc74&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b748dd63-e45c-4e56-a14e-2acb4546abf0&tr=31&tt=17324434315367656&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b46022d7-cbaa-40b8-8c72-fd984bb21007&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b554e624-5e74-4caa-b7de-790b1533e993&tr=31&tt=17324434350865773&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=12ab6b1a-a82d-4206-b67b-cf0ecb23de70&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e3aa32f8-3a58-4ef4-b289-b05205d0c00e&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=bc070723-3cfb-4171-b999-27f32c59f0dd&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=6d5cfce1-b215-4be8-a3eb-65f371d376ce&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b59d65c0-c360-410b-969c-bbedbf0ff1c9&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=9ead68d6-bdd5-4770-a068-8d3fb261cd22&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8dec4445-c0f5-4b3e-90c5-b0e958ca91da&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=57719228-a14b-4385-bc90-4fb880778c52&tt=0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=92f4880d-dc2f-4ace-a46f-d9a0bf4fb400&tr=33&tt=17324434578282801&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ec561522-6fb6-4012-8b4a-f77b6640fc9d&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49797 -> 13.232.67.198:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49906 -> 13.232.67.198:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49985 -> 13.232.67.198:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49963 -> 13.232.67.198:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49949 -> 13.232.67.198:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50006 -> 13.232.67.198:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50035 -> 13.232.67.198:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50063 -> 13.232.67.198:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50107 -> 13.232.67.198:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50088 -> 13.232.67.198:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50097 -> 13.232.67.198:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50339 -> 13.232.67.199:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50343 -> 13.232.67.199:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50349 -> 13.232.67.199:443
                              Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cc4be31c-7bd0-4546-8157-021785aaabf9&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e695b199-cbc9-44ed-b89a-77707fde66b0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7ad0a761-601d-4dfb-892a-87e5a80d8cfd&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=939e5a96-d596-4e59-936e-7ae5d28307cc&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=1c583dbc-af1e-4d45-80f1-003dabe8eea7&tt=0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e10b719b-981a-446e-ba23-7c69d7f94ded&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=15951373-2c36-4fa8-affe-36f2ec07b81f&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=44d081ca-4526-4116-82b9-755899f28369&tt=0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=2a3f0c53-5de8-4152-9013-693952c09124&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=1ddb02cf-39da-4196-a130-53d484e9194d&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=15a8e400-4d66-4396-85a9-a52c47560c82&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=01eea71f-f36d-4bce-8cd1-fb9075d78180&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b72bd97c-f6a1-480d-9594-461af2e421f4&tt=0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=3f56d55c-6ba5-4af1-9be1-2dea66d5d0f7&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5fe5955e-4d52-4f15-a999-10b126f5fc74&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b748dd63-e45c-4e56-a14e-2acb4546abf0&tr=31&tt=17324434315367656&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b46022d7-cbaa-40b8-8c72-fd984bb21007&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b554e624-5e74-4caa-b7de-790b1533e993&tr=31&tt=17324434350865773&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=12ab6b1a-a82d-4206-b67b-cf0ecb23de70&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e3aa32f8-3a58-4ef4-b289-b05205d0c00e&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=bc070723-3cfb-4171-b999-27f32c59f0dd&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=6d5cfce1-b215-4be8-a3eb-65f371d376ce&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b59d65c0-c360-410b-969c-bbedbf0ff1c9&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=9ead68d6-bdd5-4770-a068-8d3fb261cd22&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8dec4445-c0f5-4b3e-90c5-b0e958ca91da&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=57719228-a14b-4385-bc90-4fb880778c52&tt=0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=92f4880d-dc2f-4ace-a46f-d9a0bf4fb400&tr=33&tt=17324434578282801&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ec561522-6fb6-4012-8b4a-f77b6640fc9d&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1Host: ps.pndsn.com
                              Source: global traffic, DNS traffic detected: DNS query: agent-api.atera.com
                              Source: global traffic, DNS traffic detected: DNS query: ps.pndsn.com
                              Source: global traffic, DNS traffic detected: DNS query: ps.atera.com
                              Source: AteraAgent.exe, 0000000D.00000000.2366604814.000001D0B8FF2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00001000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe.2.drString found in binary or memory: http://acontrol.atera.com/
                              Source: rundll32.exe, 00000005.00000002.2341611865.0000000004805000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E004E4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00560000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E007DF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E004C0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2483405814.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2619394288.000001FE4935F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2621291158.000002A8667BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.3592707390.00000140BFC9F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.3789368598.000001AD0012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.3980162683.000001BB8194F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://agent-api.atera.com
                              Source: rundll32.exe, 00000005.00000002.2341611865.0000000004805000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00560000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E007DF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E004C0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2483405814.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2619394288.000001FE4935F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2621291158.000002A8667BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.3592707390.00000140BFC9F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.3789368598.000001AD0012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.3980162683.000001BB8194F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, registration.msi, MSIE596.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, 41c382.msi.2.dr, MSIE6C0.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.18.dr, MSIE49B.tmp.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4753004046.0000025E6EF5B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, registration.msi, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, 41c382.msi.2.dr, AgentPackageAgentInformation.exe.15.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.15.dr, Newtonsoft.Json.dll.15.dr, Newtonsoft.Json.dll.18.dr, AteraAgent.exe.2.dr, BouncyCastle.Crypto.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.18.drString found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, registration.msi, MSIE596.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, 41c382.msi.2.dr, MSIE6C0.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.18.dr, MSIE49B.tmp.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                              Source: C56C4404C4DEF0DC88E5FCD9F09CB2F10.15.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
                              Source: AteraAgent.exe, 0000000D.00000002.2420125262.000001D0BAE1A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2421031200.000001D0D3456000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2422257360.000001D0D373C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4751349828.0000025E6EDF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4751349828.0000025E6EE89000.00000004.00000020.00020000.00000000.sdmp, registration.msi, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, Newtonsoft.Json.dll.2.dr, 41c382.msi.2.dr, AgentPackageAgentInformation.exe.15.dr, Atera.AgentPackage.Common.dll.15.dr, Newtonsoft.Json.dll.15.dr, AteraAgent.exe.2.dr, BouncyCastle.Crypto.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2421031200.000001D0D3456000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4753708723.0000025E6F29D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4751349828.0000025E6EE89000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, registration.msi, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, 41c382.msi.2.dr, AgentPackageAgentInformation.exe.15.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.15.dr, Newtonsoft.Json.dll.15.dr, Newtonsoft.Json.dll.18.dr, AteraAgent.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                              Source: F2E248BEDDBB2D85122423C41028BFD40.15.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4751349828.0000025E6EDF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4751349828.0000025E6EE89000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4749463408.0000025E6E9D0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2621254823.000001FE61B27000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2621254823.000001FE61B4C000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2622805844.000002A87EDD1000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2622805844.000002A87EDFF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.3594676715.00000140D832A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.3794289217.000001AD7BE4F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.3794289217.000001AD7BE21000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.3989509307.000001BB9A1E8000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.3989509307.000001BB9A1B9000.00000004.00000020.00020000.00000000.sdmp, registration.msi, C56C4404C4DEF0DC88E5FCD9F09CB2F1.15.dr, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, registration.msi, MSIE596.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, 41c382.msi.2.dr, MSIE6C0.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.18.dr, MSIE49B.tmp.2.drString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.18.drString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
                              Source: AteraAgent.exe, 0000000F.00000002.4751349828.0000025E6EDF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com:80/DigiCertTrustedRootG4.crtlLow
                              Source: rundll32.exe, 00000012.00000002.2484645083.0000000007330000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2421031200.000001D0D3456000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4753004046.0000025E6EF5B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, registration.msi, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, 41c382.msi.2.dr, AgentPackageAgentInformation.exe.15.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.15.dr, Newtonsoft.Json.dll.15.dr, Newtonsoft.Json.dll.18.dr, AteraAgent.exe.2.dr, BouncyCastle.Crypto.dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, registration.msi, MSIE596.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, 41c382.msi.2.dr, MSIE6C0.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.18.dr, MSIE49B.tmp.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.18.drString found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, registration.msi, MSIE596.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, 41c382.msi.2.dr, MSIE6C0.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.18.dr, MSIE49B.tmp.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
                              Source: AteraAgent.exe, 0000000F.00000002.4747454234.0000025E6D8EA000.00000004.00000020.00020000.00000000.sdmp, 1A374813EDB1A6631387E414D3E732320.15.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
                              Source: AteraAgent.exe, 0000000D.00000002.2420125262.000001D0BAE1A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2421031200.000001D0D3456000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2422257360.000001D0D373C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4751349828.0000025E6EDF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4751349828.0000025E6EE89000.00000004.00000020.00020000.00000000.sdmp, registration.msi, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, Newtonsoft.Json.dll.2.dr, 41c382.msi.2.dr, AgentPackageAgentInformation.exe.15.dr, Atera.AgentPackage.Common.dll.15.dr, Newtonsoft.Json.dll.15.dr, AteraAgent.exe.2.dr, BouncyCastle.Crypto.dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                              Source: AteraAgent.exe, 0000000D.00000002.2421295890.000001D0D34CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlc
                              Source: AteraAgent.exe, 0000000D.00000002.2421031200.000001D0D3456000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlt
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackagesnection
                              Source: rundll32.exe, 00000005.00000002.2341611865.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2341611865.0000000004741000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2483405814.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2483405814.0000000004AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4750635024.0000025E6EB92000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2620350123.000002A86664B000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.15.dr, Newtonsoft.Json.dll.18.drString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
                              Source: System.ValueTuple.dll.2.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
                              Source: System.ValueTuple.dll.2.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
                              Source: AteraAgent.exe, 0000000F.00000002.4753488973.0000025E6F162000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.drString found in binary or memory: https://github.com/icsharpcode/SharpZipLib
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E000CA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E000C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAgentI
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Availability/0.16/Agent.Package.Availability.zip
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/1.7/Agent.Package.Watchdog.zip
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E000CA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E000C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscovery
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.z
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.7/Agent.Package.Watchdog.zip
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E000CA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E000C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformati
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscove
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageRuntimeInstaller/1.6/AgentPackageRuntimeInstalle
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zip
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zip
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zip
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E000CA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E000C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformation
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00232000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageHeartbeat/16.9
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageNetworkDiscovery/15.0/AgentPackageNetworkDiscovery
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstaller
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTaskScheduler/13.1/AgentPackageTaskScheduler.zip
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E000E2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=05ecc6e5-ecbe-426c-b21f-2f414d78087e
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=3a39f650-9aa7-486c-a971-f5b24a6e661c
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=3af72751-dbe9-4596-b6ee-6d67e84a5830
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=50e4cbc2-cc27-4e42-b044-8c7a8b8e200d
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=61d95b76-5b67-4486-9f2d-f8d365c1f79d
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6369cfb0-4b84-4f4d-9006-15859c206f1e
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=9264d1e3-b040-4685-8c12-22cc4dee131b
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=9ead68d6-bdd5-4770-a068-8d3fb261cd22
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b02e1ef0-ec67-47b3-a61c-d81850d0d964
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E000E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=bf7ca070-0a55-4d8e-8d7a-52b5cb49f44c
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c7890d66-5dda-44b9-9266-433341b69fe6
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d973c3b7-e1d5-4576-8927-c7ba728f6ebc
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e39b01e5-dc44-47cf-a0d2-d7bead94718e
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00092000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001C2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00092000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00440000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf
                              Source: AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/v2T
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, registration.msi, MSIE596.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, 41c382.msi.2.dr, MSIE6C0.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.18.dr, MSIE49B.tmp.2.drString found in binary or memory: https://www.digicert.com/CPS0
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.18.drString found in binary or memory: https://www.newtonsoft.com/json
                              Source: Newtonsoft.Json.dll.18.drString found in binary or memory: https://www.newtonsoft.com/jsonschema
                              Source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4750635024.0000025E6EB92000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2620350123.000002A86664B000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.15.dr, Newtonsoft.Json.dll.18.drString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50130 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50303 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50272 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50326 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50280 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50142 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50240
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50088
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50126
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50246
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50091
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50323 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50136 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50250
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50294 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50218 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50131
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50097
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50130
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50132
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50330 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50258
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50136
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50350 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50238 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50184 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50140
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50261
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50230 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50304
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50303
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50307
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50142
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50262
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50261 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50282 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50145
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50272
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50258 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50304 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50250 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50329 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50166 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50319
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50200 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50154
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50262 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50208 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50182 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50322 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50280
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50282
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50307 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50140 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50349 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50326
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50208
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50329
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50284 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50284
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50166
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50322
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50200
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50323
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50132 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50239 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50173
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50294
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50126 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50199 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50101 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50344 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50231 -> 443
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

                              Spam, unwanted Advertisements and Ransom Demands

                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AlphaAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AlphaAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process Stats: CPU usage > 49%
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\41c382.msi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC4F9.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICAE6.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE1CA.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45}
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE49A.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE49B.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE596.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE6C0.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\41c384.msi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFFD7.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIC4F9.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIC4F9.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIC4F9.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIC4F9.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIC4F9.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIC4F9.tmp-\CustomAction.config
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSICAE6.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSICAE6.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSICAE6.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSICAE6.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSICAE6.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSICAE6.tmp-\CustomAction.config
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE1CA.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE1CA.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE1CA.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE1CA.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE1CA.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE1CA.tmp-\CustomAction.config
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\InstallUtil.InstallLogJump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1A374813EDB1A6631387E414D3E73232
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1A374813EDB1A6631387E414D3E73232
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\329B6147266C1E26CD774EA22B79EC2E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\329B6147266C1E26CD774EA22B79EC2E
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFFD7.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFFD7.tmp-\AlphaControlAgentInstallation.dll
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFFD7.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFFD7.tmp-\Newtonsoft.Json.dll
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFFD7.tmp-\System.Management.dll
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFFD7.tmp-\CustomAction.config
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIC4F9.tmp
Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll 443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
Source: registration.msi Binary or memory string: OriginalFilenameAlphaControlAgentInstallation.dll\ vs registration.msi
Source: registration.msi Binary or memory string: OriginalFilenameSfxCA.dll\ vs registration.msi
Source: registration.msi Binary or memory string: OriginalFilenamewixca.dll\ vs registration.msi
                              Source: AteraAgent.exe.2.dr, SignatureValidator.csBase64 encoded string: 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YmxeR/2wifvwd/MQXb/5tsLsvlMs50tmraklX8MKsU1EgEpRZ+W0Ro1ZHoLhQG53oq9hPz9bmJge78yZr6l1QJWz6wCj+yQUxM5f0gt4fHEf2yA94Tklnds7JPr2vQRb5rjAnxnt7722oWFc1bxFFsIcIhOI/EHYCE0qSPE1pKMXALkHZYoDQEFUu3YgEc0Oo7ClJNFrB75g6tVZRqGKxVvYQBb9zKDxhBRnDkhZuB7D1gRaR9PNwCr7tVtPt40c+CCf5ktUkeu4JzaiEipWvKYgRvotqsFtZF5uFso2UmdvxO+lIw9i/GPDfgS4JhKu/Y9lCuaan+xEluhSK0vpQIDAQAB'
Source: classification engine Classification label: mal88.troj.spyw.evad.winMSI@43/88@29/3
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Mutant created: NULL
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5788:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6424:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:356:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5848:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5672:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:4820:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:2992:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5200:120:WilError_03
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF4630E950FA28A864.TMP
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AteraAgent.exe")
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File read: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIC4F9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4310406 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: taskkill.exe, 0000000B.00000002.2362910297.0000000002B90000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process;1Q
Source: registration.msi Static file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
Source: registration.msi ReversingLabs: Detection: 28%
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\registration.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3D043D01D69573A731BD32BF0EBA042E
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIC4F9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4310406 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSICAE6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4311812 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIE1CA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4317703 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding ED6036EDFA306B6AD29B763B80D7974F E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="1vf5mpi5iyis@upsnab.net" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Kh41eIAB" /AgentId="95fbc98a-3c27-44ae-84cf-9e3acc292491"
Source: unknown Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIFFD7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4325359 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "e8d80795-1e07-47b3-9c87-186f671b6a15" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "84e6126d-3464-4d76-9c19-0160eafb16a0" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "e3e24934-4319-48e9-bf87-d4583f7e9574" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "bafe3b2c-3bd0-4df3-abe5-6f6b048de27b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "5da68ded-3041-4a37-bb29-975445cce246" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3D043D01D69573A731BD32BF0EBA042E
                              Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding ED6036EDFA306B6AD29B763B80D7974F E Global\MSI0000
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIC4F9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4310406 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSICAE6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4311812 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIE1CA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4317703 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                              Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: gpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptnet.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: webio.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: sspicli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: gpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: profapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: userenv.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: secur32.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File written: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: registration.msi Static file information: File size 2994176 > 1048576
                              Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AgentPackageAgentInformation.exe, 00000014.00000000.2580452917.000001FE48962000.00000002.00000001.01000000.00000016.sdmp, AgentPackageAgentInformation.exe.15.dr
                              Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000004.00000003.2279701962.0000000004C02000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004400000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2338894865.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2347431568.0000000007033000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004B8F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2481662391.0000000002C85000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.00000000046FC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2484645083.0000000007330000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.6.dr, AlphaControlAgentInstallation.dll.18.dr, AlphaControlAgentInstallation.dll.4.dr
                              Source: Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2338894865.0000000002A16000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdbCn source: rundll32.exe, 00000012.00000002.2481662391.0000000002C85000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000016.00000002.2620350123.000002A86664B000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.15.dr
                              Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbpH source: rundll32.exe, 00000005.00000002.2347431568.0000000007022000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000D.00000000.2366604814.000001D0B8FF2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.2.dr
                              Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: rundll32.exe, 00000005.00000002.2347431568.0000000007022000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4750635024.0000025E6EB92000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2620350123.000002A86664B000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.15.dr, Newtonsoft.Json.dll.18.dr
                              Source: Binary string: l\System.pdb source: rundll32.exe, 00000012.00000002.2481662391.0000000002CFE000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\Windows\AlphaControlAgentInstallation.pdbpdbion.pdb source: rundll32.exe, 00000012.00000002.2481662391.0000000002CFE000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000014.00000002.2619260815.000001FE49192000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.15.dr
                              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: System.ValueTuple.dll.2.dr
                              Source: Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdbCDSD source: rundll32.exe, 00000005.00000002.2347431568.0000000007022000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\Windows\AlphaControlAgentInstallation.pdbpdbion.pdbD\Enco source: rundll32.exe, 00000005.00000002.2338894865.0000000002A20000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2338894865.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2481662391.0000000002C85000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Installer\MSIFFD7.tmp-\AlphaControlAgentInstallation.PDBk.Q source: rundll32.exe, 00000012.00000002.2481662391.0000000002C85000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: m\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2338335084.00000000024D7000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2481375475.00000000027F7000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: registration.msi, MSIE596.tmp.2.dr, 41c382.msi.2.dr, MSIE6C0.tmp.2.dr, MSIE49B.tmp.2.dr
                              Source: Binary string: dows\dll\System.pdb source: rundll32.exe, 00000005.00000002.2338894865.0000000002A20000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2481662391.0000000002CFE000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\System.pdb source: rundll32.exe, 00000005.00000002.2347431568.0000000007022000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2484645083.0000000007330000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000004.00000003.2279701962.0000000004C02000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004400000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004B8F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.00000000046FC000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.18.dr
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000014.00000002.2619260815.000001FE49192000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.15.dr
                              Source: Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2347431568.0000000007022000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: System.pdb source: rundll32.exe, 00000005.00000002.2347431568.0000000007022000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Installer\MSIFFD7.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000012.00000002.2481662391.0000000002C85000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.2.dr
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000004.00000003.2279701962.0000000004C02000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004400000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004B8F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.00000000046FC000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.18.dr
                              Source: Binary string: \??\C:\Windows\System.pdbalth source: rundll32.exe, 00000012.00000002.2484645083.0000000007330000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000D.00000000.2366604814.000001D0B8FF2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.2.dr
                              Source: Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdbs[F source: rundll32.exe, 00000012.00000002.2481662391.0000000002CEB000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: System.ValueTuple.dll.2.dr
                              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: rundll32.exe, 00000005.00000002.2338894865.0000000002A20000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2481662391.0000000002C85000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000D.00000002.2421806948.000001D0D3562000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.2.dr
                              Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdbviderW source: rundll32.exe, 00000005.00000002.2338894865.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000D.00000002.2421806948.000001D0D3562000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.2.dr
                              Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbeH*c% source: rundll32.exe, 00000005.00000002.2347431568.0000000007022000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: mC:\Windows\Installer\MSICAE6.tmp-\AlphaControlAgentInstallation.pdbU source: rundll32.exe, 00000005.00000002.2338335084.00000000024D7000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: registration.msi, 41c382.msi.2.dr, MSIC4F9.tmp.2.dr, MSIFFD7.tmp.2.dr, MSICAE6.tmp.2.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000F.00000002.4753488973.0000025E6F162000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000F.00000002.4753488973.0000025E6F162000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.dr
                              Source: Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.2.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4750635024.0000025E6EB92000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.18.dr
                              Source: Binary string: \??\C:\Windows\Installer\MSICAE6.tmp-\AlphaControlAgentInstallation.pdb4 source: rundll32.exe, 00000005.00000002.2338894865.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: mC:\Windows\Installer\MSIFFD7.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000012.00000002.2481375475.00000000027F7000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdbes source: rundll32.exe, 00000012.00000002.2481662391.0000000002CEB000.00000004.00000020.00020000.00000000.sdmp
                              Source: BouncyCastle.Crypto.dll.2.dr Static PE information: 0xE49A52B3 [Sun Jul 15 06:22:43 2091 UTC]
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 15_2_00007FFD343A5835 push esp; retn 5F2Eh 15_2_00007FFD343A62D9
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 15_2_00007FFD343A7BCD push ss; ret 15_2_00007FFD343A7C17
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 15_2_00007FFD343A63E8 push eax; ret 15_2_00007FFD343A6444
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 18_3_06DB84A1 push es; ret 18_3_06DB84B0
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 20_2_00007FFD341D5587 push ebp; iretd 20_2_00007FFD341D55D8
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 22_2_00007FFD341C5587 push ebp; iretd 22_2_00007FFD341C55D8
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 28_2_00007FFD341C5587 push ebp; iretd 28_2_00007FFD341C55D8

                              Persistence and Installation Behavior

                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1A374813EDB1A6631387E414D3E73232
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1A374813EDB1A6631387E414D3E73232
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\329B6147266C1E26CD774EA22B79EC2E
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\329B6147266C1E26CD774EA22B79EC2E
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIC4F9.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICAE6.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFFD7.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSICAE6.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIC4F9.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSICAE6.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE1CA.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSICAE6.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE596.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFFD7.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFFD7.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIC4F9.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE1CA.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE6C0.tmp
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFFD7.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE1CA.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE49B.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFFD7.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC4F9.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE1CA.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE1CA.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIC4F9.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSICAE6.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC4F9.tmp-\System.Management.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICAE6.tmpJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFFD7.tmpJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIFFD7.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC4F9.tmpJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSICAE6.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE1CA.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC4F9.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSICAE6.tmp-\Newtonsoft.Json.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE1CA.tmp-\Newtonsoft.Json.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE1CA.tmp-\System.Management.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSICAE6.tmp-\System.Management.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE596.tmpJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIFFD7.tmp-\Newtonsoft.Json.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIFFD7.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC4F9.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC4F9.tmp-\Newtonsoft.Json.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE1CA.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE6C0.tmpJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSICAE6.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIFFD7.tmp-\System.Management.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE1CA.tmpJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE49B.tmpJump to dropped file
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\InstallUtil.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                              Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 1D0BAB00000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 1D0D2D60000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 25E6DF80000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 25E6E1D0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1FE48CB0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1FE61230000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 2A865E90000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 2A87E690000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 140BF420000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 140D7B70000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1AD7B350000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1AD7B5B0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1BB81760000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1BB99820000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 5908
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 3780
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIC4F9.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSICAE6.tmp
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFFD7.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSICAE6.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSICAE6.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIC4F9.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE1CA.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSICAE6.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE596.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFFD7.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFFD7.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIC4F9.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE1CA.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE6C0.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFFD7.tmp-\System.Management.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE1CA.tmp
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE49B.tmp
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFFD7.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIC4F9.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE1CA.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE1CA.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIC4F9.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSICAE6.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe TID: 1048 | Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4916 | Thread sleep time: -60000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3856 | Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3916 | Thread sleep count: 5908 > 30
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3916 | Thread sleep count: 3780 > 30
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3424 | Thread sleep time: -27670116110564310s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3424 | Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3908 | Thread sleep time: -160000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3460 | Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 2632 | Thread sleep time: -180000s >= -30000s
                              Source: C:\Windows\SysWOW64\rundll32.exe TID: 3560 | Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 2736 | Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 528 | Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3856 | Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5984 | Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6272 | Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6228 | Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5544 | Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6816 | Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6600 | Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6872 | Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                              Source: C:\Windows\System32\msiexec.exe | File Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Thread delayed: delay time: 30000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Thread delayed: delay time: 90000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Thread delayed: delay time: 922337203685477
                              Source: AgentPackageAgentInformation.exe.15.dr | Binary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
                              Source: AteraAgent.exe, 0000000D.00000002.2421031200.000001D0D3456000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWy
                              Source: rundll32.exe, 00000005.00000002.2338894865.00000000029A5000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllE
                              Source: AteraAgent.exe, 0000000D.00000002.2421031200.000001D0D34A2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2421644078.000001D0D3508000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4752793452.0000025E6EEBF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4751349828.0000025E6ED90000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4749463408.0000025E6EA16000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                              Source: rundll32.exe, 00000012.00000002.2481662391.0000000002CEB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_
                              Source: AgentPackageAgentInformation.exe, 00000016.00000002.2622542934.000002A87EDA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.3594676715.00000140D832A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.3794289217.000001AD7BE21000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.3989509307.000001BB9A19A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: AgentPackageAgentInformation.exe, 00000014.00000002.2621254823.000001FE61AB0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll__
                              Source: C:\Windows\System32\msiexec.exe | Process information queried: ProcessInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process token adjusted: Debug
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Process token adjusted: Debug
                              Source: C:\Windows\SysWOW64\rundll32.exe | Memory allocated: page read and write | page guard
                              Source: C:\Windows\System32\msiexec.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="1vf5mpi5iyis@upsnab.net" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Kh41eIAB" /AgentId="95fbc98a-3c27-44ae-84cf-9e3acc292491"
                              Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                              Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                              Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "e8d80795-1e07-47b3-9c87-186f671b6a15" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "84e6126d-3464-4d76-9c19-0160eafb16a0" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "e3e24934-4319-48e9-bf87-d4583f7e9574" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "bafe3b2c-3bd0-4df3-abe5-6f6b048de27b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "5da68ded-3041-4a37-bb29-975445cce246" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
                              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "c:\program files (x86)\atera networks\ateraagent\ateraagent.exe" /i /integratorlogin="1vf5mpi5iyis@upsnab.net" /companyid="1" /integratorloginui="" /companyidui="" /folderid="" /accountid="001q300000kh41eiab" /agentid="95fbc98a-3c27-44ae-84cf-9e3acc292491"
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "e8d80795-1e07-47b3-9c87-186f671b6a15" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000kh41eiab
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "84e6126d-3464-4d76-9c19-0160eafb16a0" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000kh41eiab
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "e3e24934-4319-48e9-bf87-d4583f7e9574" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000kh41eiab
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "bafe3b2c-3bd0-4df3-abe5-6f6b048de27b" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000kh41eiab
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "5da68ded-3041-4a37-bb29-975445cce246" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000kh41eiab
                              Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIC4F9.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIC4F9.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSICAE6.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSICAE6.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSICAE6.tmp-\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIE1CA.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIE1CA.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIFFD7.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIFFD7.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIFFD7.tmp-\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

                              Remote Access Functionality

                              Source: Yara match, File source: 20.2.AgentPackageAgentInformation.exe.1fe49190000.1.unpack, type: UNPACKEDPE
                              Source: Yara match, File source: 13.0.AteraAgent.exe.1d0b8ff0000.0.unpack, type: UNPACKEDPE
                              Source: Yara match, File source: 20.0.AgentPackageAgentInformation.exe.1fe48960000.0.unpack, type: UNPACKEDPE
                              Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 2032, type: MEMORYSTR
                              Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 4324, type: MEMORYSTR
                              Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 4084, type: MEMORYSTR
                              Source: Yara match, File source: Process Memory Space: AteraAgent.exe PID: 4064, type: MEMORYSTR
                              Source: Yara match, File source: Process Memory Space: AteraAgent.exe PID: 800, type: MEMORYSTR
                              Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 2084, type: MEMORYSTR
                              Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 3524, type: MEMORYSTR
                              Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 768, type: MEMORYSTR
                              Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 5728, type: MEMORYSTR
                              Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 4236, type: MEMORYSTR
                              Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 2664, type: MEMORYSTR
                              Source: Yara match, File source: C:\Windows\Temp\~DF3BCE62784648DF98.TMP, type: DROPPED
                              Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
                              Source: Yara match, File source: C:\Windows\Temp\~DF510E6906F6ABC59A.TMP, type: DROPPED
                              Source: Yara match, File source: C:\Windows\Temp\~DF4630E950FA28A864.TMP, type: DROPPED
                              Source: Yara match, File source: C:\Windows\Temp\~DFF883924653294067.TMP, type: DROPPED
                              Source: Yara match, File source: C:\Windows\Temp\~DF21C9A09377CDFE9B.TMP, type: DROPPED
                              Source: Yara match, File source: C:\Config.Msi\41c383.rbs, type: DROPPED
                              Source: Yara match, File source: C:\Windows\Temp\~DF2D3E5DF2735593AB.TMP, type: DROPPED
                              Source: Yara match, File source: C:\Windows\Installer\inprogressinstallinfo.ipi, type: DROPPED
                              Source: Yara match, File source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
                              Source: Yara match, File source: C:\Windows\Installer\MSIE1CA.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                              Source: Yara match, File source: C:\Windows\Installer\MSICAE6.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                              Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
                              Source: Yara match, File source: C:\Windows\Installer\MSIC4F9.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                              Source: Yara match, File source: C:\Windows\Installer\MSIFFD7.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                              Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
                              Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
                              Source: Yara match, File source: C:\Windows\Installer\MSIE49A.tmp, type: DROPPED
                              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                              Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | OS Credential Dumping | 11 Peripheral Device Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                              Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 21 Windows Service | 21 Windows Service | 21 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                              Email Addresses | DNS Server | Domain Accounts | 11 Service Execution | Logon Script (Windows) | 11 Process Injection | 1 Timestomp | Security Account Manager | 24 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                              Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
                              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 211 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 122 Masquerading | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Modify Registry | DCSync | 141 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 141 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                              Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                              IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Rundll32 | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                              Behavior Graph (image not reproduced): ID: 1561803, Sample: registration.msi, Startdate: 24/11/2024, Architecture: WINDOWS, Score: 88

Source | Detection | Scanner | Label | Link
registration.msi | 29% | ReversingLabs | Win32.Trojan.Atera |

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | 26% | ReversingLabs | Win32.Trojan.Atera |
C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIC4F9.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIC4F9.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIC4F9.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIC4F9.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIC4F9.tmp-\System.Management.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSICAE6.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSICAE6.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSICAE6.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSICAE6.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSICAE6.tmp-\System.Management.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE1CA.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE1CA.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE1CA.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE1CA.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE1CA.tmp-\System.Management.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE49B.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE596.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE6C0.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIFFD7.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIFFD7.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIFFD7.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIFFD7.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIFFD7.tmp-\System.Management.dll | 0% | ReversingLabs | |
                              No Antivirus matches
                              No Antivirus matches
                              No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ps.pndsn.com | 13.232.67.198 | true | false | | high
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
d25btwd9wax8gu.cloudfront.net | 108.158.75.12 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
windowsupdatebg.s.llnwi.net | 178.79.238.128 | true | false | | high
ps.atera.com | unknown | unknown | false | | high
agent-api.atera.com | unknown | unknown | false | | high
                                                                                                                                                              high
                                                                                                                                                              https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAgentIAteraAgent.exe, 0000000F.00000002.4739839137.0000025E000CA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E000C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.7/Agent.Package.Watchdog.zipAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/vrundll32.exe, 00000004.00000003.2279701962.0000000004C02000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004400000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004B8F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.00000000046FC000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.18.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cfAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001C2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00092000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00440000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6369cfb0-4b84-4f4d-9006-15859c206f1eAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zipAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=3af72751-dbe9-4596-b6ee-6d67e84a5830AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://agent-api.atera.comAgentPackageAgentInformation.exe, 0000001C.00000002.3980162683.000001BB818DF000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.6.dr, AlphaControlAgentInstallation.dll.18.dr, AlphaControlAgentInstallation.dll.4.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://agent-api.atera.com/Production/Agent/AgentStartingAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E007E3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00092000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c7890d66-5dda-44b9-9266-433341b69fe6AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://www.w3.ohAteraAgent.exe, 0000000D.00000002.2420125262.000001D0BAE1A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://agent-api.atera.com/Production/Agent/GetCommandsAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=61d95b76-5b67-4486-9f2d-f8d365c1f79dAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=9ead68d6-bdd5-4770-a068-8d3fb261cd22AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=50e4cbc2-cc27-4e42-b044-8c7a8b8e200dAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://agent-api.atera.com/rundll32.exe, 00000004.00000003.2279701962.0000000004C02000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004400000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2341611865.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2341611865.0000000004741000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004B8F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.00000000046FC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2483405814.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2483405814.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2621254823.000001FE61AB0000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.6.dr, AlphaControlAgentInstallation.dll.18.dr, AlphaControlAgentInstallation.dll.4.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://agent-api.atera.com/Production/Agent/GetRecurringPackagesAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00440000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zipAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://www.newtonsoft.com/jsonschemaNewtonsoft.Json.dll.18.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zipAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b02e1ef0-ec67-47b3-a61c-d81850d0d964AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.zAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://ps.pndsn.com/v2TAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00304000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://agent-api.atera.com/Production/Agent/GetRecurringPackagesnectionAteraAgent.exe, 0000000F.00000002.4739839137.0000025E001C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zipAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zipAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001BE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00189000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E0023A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/1.7/Agent.Package.Watchdog.zipAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00195000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E001B6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00232000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00063000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=9264d1e3-b040-4685-8c12-22cc4dee131bAteraAgent.exe, 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://www.newtonsoft.com/jsonrundll32.exe, 00000004.00000003.2279701962.0000000004C33000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004431000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.000000000472D000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.18.drfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://agent-api.atera.com/Production/Agent/AgeAteraAgent.exe, 0000000F.00000002.4739839137.0000025E007EF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E007E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://ps.atera.com/agentpackageswin/AgentPackageHeartbeat/16.9AteraAgent.exe, 0000000F.00000002.4739839137.0000025E00232000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              http://wixtoolset.org/news/rundll32.exe, 00000004.00000003.2279701962.0000000004C02000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2291421210.0000000004400000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2350193018.0000000004B8F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2427395376.00000000046FC000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.18.drfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbfSystem.ValueTuple.dll.2.drfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformationAteraAgent.exe, 0000000F.00000002.4739839137.0000025E000CA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.4739839137.0000025E000C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://agent-api.aterDrundll32.exe, 00000005.00000002.2341611865.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2483405814.0000000004AD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
IP | Domain | Country | ASN | ASN Name | Malicious
13.232.67.198 | ps.pndsn.com | United States | 16509 | AMAZON-02US | false
13.232.67.199 | unknown | United States | 16509 | AMAZON-02US | false
108.158.75.12 | d25btwd9wax8gu.cloudfront.net | United States | 16509 | AMAZON-02US | false
                                                                                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                                      Analysis ID:1561803
                                                                                                                                                                                                                                                      Start date and time:2024-11-24 11:14:08 +01:00
                                                                                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                                      Overall analysis duration:0h 13m 1s
                                                                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                                      Number of analysed new started processes analysed:33
                                                                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                                                                                      Sample name:registration.msi
                                                                                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                                                                                      Classification:mal88.troj.spyw.evad.winMSI@43/88@29/3
                                                                                                                                                                                                                                                      EGA Information:Failed
                                                                                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                                                                                      • Successful, ratio: 76%
                                                                                                                                                                                                                                                      • Number of executed functions: 413
                                                                                                                                                                                                                                                      • Number of non-executed functions: 2
                                                                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                                                                      • Found application associated with file extension: .msi
                                                                                                                                                                                                                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                                                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 40.119.152.241, 192.229.221.95, 178.79.238.0, 199.232.214.172
                                                                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): crl.edge.digicert.com, client.wns.windows.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.afd.azureedge.net, cacerts.digicert.com, agentsapi.trafficmanager.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, atera-agent-api-eu.westeurope.cloudapp.azure.com, ocsp.edge.digicert.com, azureedge-t-prod.trafficmanager.net, crl3.digicert.com, crl4.digicert.com, wu-b-net.trafficmanager.net
                                                                                                                                                                                                                                                      • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 2664 because it is empty
                                                                                                                                                                                                                                                      • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 3524 because it is empty
                                                                                                                                                                                                                                                      • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 4236 because it is empty
                                                                                                                                                                                                                                                      • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 5728 because it is empty
                                                                                                                                                                                                                                                      • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 768 because it is empty
                                                                                                                                                                                                                                                      • Execution Graph export aborted for target AteraAgent.exe, PID 4064 because it is empty
                                                                                                                                                                                                                                                      • Execution Graph export aborted for target AteraAgent.exe, PID 800 because it is empty
                                                                                                                                                                                                                                                      • Execution Graph export aborted for target rundll32.exe, PID 2032 because it is empty
                                                                                                                                                                                                                                                      • Execution Graph export aborted for target rundll32.exe, PID 2084 because it is empty
                                                                                                                                                                                                                                                      • Execution Graph export aborted for target rundll32.exe, PID 4084 because it is empty
                                                                                                                                                                                                                                                      • Execution Graph export aborted for target rundll32.exe, PID 4324 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                      • VT rate limit hit for: registration.msi
Time | Type | Description
05:15:21 | API Interceptor | 2x Sleep call for process: rundll32.exe modified
05:15:28 | API Interceptor | 9027521x Sleep call for process: AteraAgent.exe modified
05:15:49 | API Interceptor | 5x Sleep call for process: AgentPackageAgentInformation.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
13.232.67.198 | Digital.msi | malicious | AteraAgent
13.232.67.198 | Guidelines_for_Citizen_Safety.msi | malicious | AteraAgent
13.232.67.198 | e0#U05ea.msi | malicious | AteraAgent
13.232.67.198 | ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi | malicious | AteraAgent
13.232.67.199 | file_66efd0132ceed.msi | malicious | AteraAgent
13.232.67.199 | setup (1).msi | malicious | AteraAgent
108.158.75.12 | ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi | malicious | AteraAgent
                                                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                    • 13.232.67.198
                                                                                                                                                                                                                                                                    • 13.232.67.199
                                                                                                                                                                                                                                                                    • 108.158.75.12
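Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
• Associated Sample Name: Digital.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: file_66efd0132ceed.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: Guidelines_for_Citizen_Safety.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: e0#U05ea.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: setup (1).msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: BOMB-762.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: LaudoBombeirosPDF.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: 1nzNNooNMS.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: Le55bnMCON.msi, Detection: malicious, Threat Name: AteraAgent
Match: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
• Associated Sample Name: Digital.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: file_66efd0132ceed.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: Guidelines_for_Citizen_Safety.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: e0#U05ea.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: setup (1).msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: BOMB-762.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: LaudoBombeirosPDF.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: 1nzNNooNMS.msi, Detection: malicious, Threat Name: AteraAgent
• Associated Sample Name: Le55bnMCON.msi, Detection: malicious, Threat Name: AteraAgent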
Process: C:\Windows\System32\msiexec.exe
File Type: data
Category: dropped
Size (bytes): 8829
Entropy (8bit): 5.6523013608699175
Encrypted: false
SSDEEP: 192:Haj/xz1ccbTOOeMeMQ6177r6IHf77r6kAVv70HVotBVeZEmzmYpLAV773OpY95r:HabD2SzpztiB2ij
MD5: FF55271D8B7AE4591EA95131E0ED4B44
SHA1: D55F78EFC59C0EE1A47F5C2DB7264C59D600F47A
SHA-256: 4EAADA458F10E11039C01F355AFECF282BB9BF168FE5467019EEC21A5A683205
SHA-512: 29FDC66DFD877A9A63DAABEA6406368A00D75D9D109D1FD0F49472E32609256A4F33DC3C9610AE2BAEECB8CF27E37966E2DD8381DF04555F0ED65D1066126BB9
Malicious: true
Yara Hits:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Config.Msi\41c383.rbs, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@.)xY.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..registration.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....StopAteraServiceQuiet....KillAteraTaskQuiet....ProcessComponents..Updating component registration..&.{F7DFE9BA-9FAD-11DA-9578-00E08161165F}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{C8C868DC-3A5E-4180-A7BB-03D6282966CB}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{0EC8B23C-C723-41E1-9105-4B9C2CDAD47A}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F1B1B9D1-F1B0-420C-9D93-F04E9BD4795D}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{5F95F700-DCA4-4880-B2D2-891AE0D6E1A3}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F62C52BA-15C7-4C3D-AAB2-DE65004F9665}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{38F01010-E
Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type: Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category: dropped
Size (bytes): 753
Entropy (8bit): 4.853078320826549
Encrypted: false
SSDEEP: 12:qLLYem7haYNem7hcomf3em7hUQLtygXnC9xkKxeCsx/Yem7haYNem7hcomf3em7B:qLUVhzVhM3VhdLtXXIxkKxeCsOVhzVhY
MD5: 8298451E4DEE214334DD2E22B8996BDC
SHA1: BC429029CC6B42C59C417773EA5DF8AE54DBB971
SHA-256: 6FBF5845A6738E2DC2AA67DD5F78DA2C8F8CB41D866BBBA10E5336787C731B25
SHA-512: CDA4FFD7D6C6DFF90521C6A67A3DBA27BF172CC87CEE2986AE46DCCD02F771D7E784DCAD8AEA0AD10DECF46A1C8AE1041C184206EC2796E54756E49B9217D7BA
Malicious: true
Yara Hits:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Preview:.Installing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..Installing service AteraAgent.....Service AteraAgent has been successfully installed...Creating EventLog source AteraAgent in log Application.....Committing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..
Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type: XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (7463), with no line terminators
Category: dropped
Size (bytes): 7466
Entropy (8bit): 5.1606801095705865
Encrypted: false
SSDEEP: 96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
MD5: 362CE475F5D1E84641BAD999C16727A0
SHA1: 6B613C73ACB58D259C6379BD820CCA6F785CC812
SHA-256: 1F78F1056761C6EBD8965ED2C06295BAFA704B253AFF56C492B93151AB642899
SHA-512: 7630E1629CF4ABECD9D3DDEA58227B232D5C775CB480967762A6A6466BE872E1D57123B08A6179FE1CFBC09403117D0F81BC13724F259A1D25C1325F1EAC645B
Malicious: false
                                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20
Process: C:\Windows\System32\msiexec.exe
File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 145968
Entropy (8bit): 5.874150428357998
Encrypted: false
SSDEEP: 3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
MD5: 477293F80461713D51A98A24023D45E8
SHA1: E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
SHA-256: A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
SHA-512: 23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
Malicious: true
Yara Hits:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
Antivirus:
• Antivirus: ReversingLabs, Detection: 26%
Joe Sandbox View:
• Filename: Digital.msi, Detection: malicious
                                                                                                                                                                                                                                                                                                            • Filename: file_66efd0132ceed.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: Guidelines_for_Citizen_Safety.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: e0#U05ea.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: setup (1).msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: BOMB-762.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: LaudoBombeirosPDF.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: 1nzNNooNMS.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: Le55bnMCON.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):1442
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.076953226383825
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
                                                                                                                                                                                                                                                                                                            MD5:B3BB71F9BB4DE4236C26578A8FAE2DCD
                                                                                                                                                                                                                                                                                                            SHA1:1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
                                                                                                                                                                                                                                                                                                            SHA-256:E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
                                                                                                                                                                                                                                                                                                            SHA-512:FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):3318832
                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.534876879948643
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:49152:yIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9p:DBbBWIgWljGxRB/LLp
                                                                                                                                                                                                                                                                                                            MD5:11CC798BAFA45BE12D27C68D6B59BA27
                                                                                                                                                                                                                                                                                                            SHA1:4D1CA0C0F1BC3691F5F852CC8D3ED88605B70434
                                                                                                                                                                                                                                                                                                            SHA-256:443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                                                                                                                                                                                                                                                                                            SHA-512:FA0AEAF5309FD1593DB8AF774F18AA9CDA9B7ABD3F32D34CFD1B615EE68CECA0155DFB0AB7351E182B1B9D872BF41B19E66D2B597D2BA6300AF332A0F525C75A
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                                                                                                            • Filename: Digital.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: file_66efd0132ceed.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: Guidelines_for_Citizen_Safety.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: e0#U05ea.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: setup (1).msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: BOMB-762.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: LaudoBombeirosPDF.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: 1nzNNooNMS.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            • Filename: Le55bnMCON.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):215088
                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.030864151731967
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:6144:r1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7s/k:mIzm6pOIgvr7ok
                                                                                                                                                                                                                                                                                                            MD5:C106DF1B5B43AF3B937ACE19D92B42F3
                                                                                                                                                                                                                                                                                                            SHA1:7670FC4B6369E3FB705200050618ACAA5213637F
                                                                                                                                                                                                                                                                                                            SHA-256:2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                                                                                                                                                                                                                                                                                                            SHA-512:616E45E1F15486787418A2B2B8ECA50CACAC6145D353FF66BF2C13839CD3DB6592953BF6FEED1469DB7DDF2F223416D5651CD013FB32F64DC6C72561AB2449AE
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):710192
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96048066969898
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12288:3BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUU:3BA/ZTvQD0XY0AJBSjRlXP36RMGV
                                                                                                                                                                                                                                                                                                            MD5:2C4D25B7FBD1ADFD4471052FA482AF72
                                                                                                                                                                                                                                                                                                            SHA1:FD6CD773D241B581E3C856F9E6CD06CB31A01407
                                                                                                                                                                                                                                                                                                            SHA-256:2A7A84768CC09A15362878B270371DAAD9872CAACBBEEBE7F30C4A7ED6C03CA7
                                                                                                                                                                                                                                                                                                            SHA-512:F7F94EC00435466DB2FB535A490162B906D60A3CFA531A36C4C552183D62D58CCC9A6BB8BBFE39815844B0C3A861D3E1F1178E29DBCB6C09FA2E6EBBB7AB943A
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):384542
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999374626035649
                                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                                            SSDEEP:6144:viqRTU5exRWDCtTLvL0XRFJE9A+BQlv9I+NBsNQvaNXvhGf1mzVeUXJLo:vil/DSLvAJ6CxBHmJXVpJLo
                                                                                                                                                                                                                                                                                                            MD5:4A09A87D2004DAC4B00687E9C9F15036
                                                                                                                                                                                                                                                                                                            SHA1:C78BB288E7A96642093ABE44CB9B7BBD3EC447BA
                                                                                                                                                                                                                                                                                                            SHA-256:2DBC8CF2592604C09793CBED61E0B072B1B1FFA375FB3C9ABCA83FA0E18AB9A5
                                                                                                                                                                                                                                                                                                            SHA-512:F555F5A0BB80514BC71BB33A77620D28A9E6715E538372AAA7F0500BC8D5BFE8511F5CA982E15304422479FF693E6F38510D6616A94580FC1B105DD2DA605EAA
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):177704
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.814572246989157
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3072:2DpvOyLSson7aezB53Pbsk4GJCMA1TSuAehuZ7f2lz8/Cvolc3a:2D4y07asBx4krGSegZX3
                                                                                                                                                                                                                                                                                                            MD5:FD9DF72620BCA7C4D48BC105C89DFFD2
                                                                                                                                                                                                                                                                                                            SHA1:2E537E504704670B52CE775943F14BFBAF175C1B
                                                                                                                                                                                                                                                                                                            SHA-256:847D0CD49CCE4975BAFDEB67295ED7D2A3B059661560CA5E222544E9DFC5E760
                                                                                                                                                                                                                                                                                                            SHA-512:47228CBDBA54CD4E747DBA152FEB76A42BFC6CD781054998A249B62DD0426C5E26854CE87B6373F213B4E538A62C08A89A488E719E2E763B7B968E77FBF4FC02
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):546
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.048902065665432
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12:MMHdG3VSQg9LNFF7ap+5v5OXrRf/2//FicYo4xm:JdASPF7NhOXrRH2/d9r
                                                                                                                                                                                                                                                                                                            MD5:158FB7D9323C6CE69D4FCE11486A40A1
                                                                                                                                                                                                                                                                                                            SHA1:29AB26F5728F6BA6F0E5636BF47149BD9851F532
                                                                                                                                                                                                                                                                                                            SHA-256:5E38EF232F42F9B0474F8CE937A478200F7A8926B90E45CB375FFDA339EC3C21
                                                                                                                                                                                                                                                                                                            SHA-512:7EEFCC5E65AB4110655E71BC282587E88242C15292D9C670885F0DAAE30FA19A4B059390EB8E934607B8B14105E3E25D7C5C1B926B6F93BDD40CBD284AAA3CEB
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>...<supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):12
                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3:WhWbn:WCn
                                                                                                                                                                                                                                                                                                            MD5:EB053699FC80499A7185F6D5F7D55BFE
                                                                                                                                                                                                                                                                                                            SHA1:9700472D22B1995C320507917FA35088AE4E5F05
                                                                                                                                                                                                                                                                                                            SHA-256:BCE3DFDCA8F0B57846E914D497F4BB262E3275F05EA761D0B4F4B778974E6967
                                                                                                                                                                                                                                                                                                            SHA-512:D66FA39C69D9C6448518CB9F98CBDAD4CE5E93CEEF8D20CE0DEEF91FB3E512B5D5A9458F7B8A53D4B68D693107872C5445E99F87C948878F712F8A79BC761DBF
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:version=38.0
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):96808
                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.1799972918389185
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:1536:UJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvO1762A:UQUm2H5KTfOLgxFJjE50vksVUfPvO1W
                                                                                                                                                                                                                                                                                                            MD5:E2A9291940753244C88CB68D28612996
                                                                                                                                                                                                                                                                                                            SHA1:BAD8529A85C32E5C26C907CFB2FB0DA8461407AE
                                                                                                                                                                                                                                                                                                            SHA-256:6565E67D5DB582B3DE0B266EB59A8ACEC7CDF9943C020CB6879833D8BD784378
                                                                                                                                                                                                                                                                                                            SHA-512:F07669A3939E3E6B5A4D90C3A5B09CA2448E8E43AF23C08F7A8621817A49F7B0F5956D0539333A6DF334CC3E517255242E572EAEF02A7BBF4BC141A438BF9EB9
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):704552
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.953959038895453
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12288:/9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3i:/8m657w6ZBLmkitKqBCjC0PDgM5y
                                                                                                                                                                                                                                                                                                            MD5:3EF8D12AA1D48DEC3AC19A0CEABD4FD8
                                                                                                                                                                                                                                                                                                            SHA1:C81B7229A9BD55185A0EDCCB7E6DF3B8E25791CF
                                                                                                                                                                                                                                                                                                            SHA-256:18C1DDBDBF47370CC85FA2CF7BA043711AB3EADBD8DA367638686DFD6B735C85
                                                                                                                                                                                                                                                                                                            SHA-512:0FF2E8DBFEF7164B22F9AE9865E83154096971C3F0B236D988AB947E803C1ED03D86529AB80D2BE9FF33AF305D34C9B30082F8C26E575F0979CA9287B415F9F9
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):602672
                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.145404526272746
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:6144:UShQrHBJEwJiIJJ8TihsEWdzs29glRleqn4uRTJgwhVHhoNw0r17K7DDaiC3KM+9:gHDxJGihsEKwSuTuwvOWgFA
                                                                                                                                                                                                                                                                                                            MD5:17D74C03B6BCBCD88B46FCC58FC79A0D
                                                                                                                                                                                                                                                                                                            SHA1:BC0316E11C119806907C058D62513EB8CE32288C
                                                                                                                                                                                                                                                                                                            SHA-256:13774CC16C1254752EA801538BFB9A9D1328F8B4DD3FF41760AC492A245FBB15
                                                                                                                                                                                                                                                                                                            SHA-512:F1457A8596A4D4F9B98A7DCB79F79885FA28BD7FC09A606AD3CD6F37D732EC7E334A64458E51E65D839DDFCDF20B8B5676267AA8CED0080E8CF81A1B2291F030
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):73264
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.954475034553661
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
                                                                                                                                                                                                                                                                                                            MD5:F4D9D65581BD82AF6108CFA3DD265A9A
                                                                                                                                                                                                                                                                                                            SHA1:A926695B1E5D3842D8345C56C087E58845307A16
                                                                                                                                                                                                                                                                                                            SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
                                                                                                                                                                                                                                                                                                            SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):214
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.205533940094141
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3:A0YdVROiEui9wqWluiKFHnFSLRg42VV/AFRKWilGwvGlGWlvXRPbVIXd2D2y:AjnOia9w3pKFSQwRIlcdRPK4DX
                                                                                                                                                                                                                                                                                                            MD5:C752EAE72CA10447C63AE94905FA891F
                                                                                                                                                                                                                                                                                                            SHA1:F90D64AC224566767888DB98C756CC3A48658C66
                                                                                                                                                                                                                                                                                                            SHA-256:894DA81834B44F01BDCFFF78F2EC473BC448AE6A5340FCC0F5E782622397733D
                                                                                                                                                                                                                                                                                                            SHA-512:51D1E14F1E2068E87D66D2488BE8DDDF98750B5383BEA6185B25792D9006394CACB142C52881474E01B636AB7A529B62B2717235C2B1EDE4D08A75F1C6D0BAD0
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:/i /IntegratorLogin=1vf5mpi5iyis@upsnab.net /CompanyId=1 /IntegratorLoginUI= /CompanyIdUI= /FolderId= /AccountId=001Q300000Kh41eIAB /AgentId=95fbc98a-3c27-44ae-84cf-9e3acc292491.24/11/2024 05:15:29 Trace Starting..
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):2402
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.362731083469072
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:MxHKQg8mHDp684IHTQ06YHKGSI6oPtHTHhAHKKk+HKlT4v1qHGIs0HKaHKmTHlH7:iqzCIzQ06YqGSI6oPtzHeqKk+qZ4vwme
                                                                                                                                                                                                                                                                                                            MD5:28B4BFE9130A35038BD57B2F89847BAE
                                                                                                                                                                                                                                                                                                            SHA1:8DBF9D2800AB08CCA18B4BA00549513282B774A9
                                                                                                                                                                                                                                                                                                            SHA-256:19F498CAE589207075B8C82D7DACEAE23997D61B93A971A4F049DC14C8A3D514
                                                                                                                                                                                                                                                                                                            SHA-512:02100FD4059C4D32FBAAA9CEAACB14C50A4359E4217203B2F7A40E298AD819ED5469F2442291F12852527A2B7109CC5F7BFF7FDAD53BA5ABF75FC5F0474E984F
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\434f871c532673e1359654ad68a1c225\System.Configuration.Install.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\a
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):651
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.343677015075984
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhaOK9eDLI4MNJK9P/JNTK9yiv:ML9E4KlKDE4KhKiKhPKIE4oKNzKoM
                                                                                                                                                                                                                                                                                                            MD5:7EEF860682F76EC7D541A8C1A3494E3D
                                                                                                                                                                                                                                                                                                            SHA1:58D759A845D2D961A5430E429EF777E60C48C87E
                                                                                                                                                                                                                                                                                                            SHA-256:65E958955AC5DBB7D7AD573EB4BB36BFF4A1DC52DD16CF79A5F7A0FA347727F1
                                                                                                                                                                                                                                                                                                            SHA-512:BF7767D55F624B8404240953A726AA616D0CE60EC1B3027710B919D6838EFF7281A79B49B22AB8B065D8CA921EF4D09017A0991CB4A21DAF09B3B43E6698CB04
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):2994176
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.878665163350764
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:49152:u+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:u+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                                            MD5:62367BA07BDC8E7ABDC94D2BBE076216
                                                                                                                                                                                                                                                                                                            SHA1:5F0F1C2D77230F41CBB65989F24868A6DC4C9CFC
                                                                                                                                                                                                                                                                                                            SHA-256:ED0AE67F36657CFE892FB58CC02B28F237AB5DE0ED5F8CD902981DC892D7F737
                                                                                                                                                                                                                                                                                                            SHA-512:4CD294B23518AC716929EDA0061048CA0CA57A93593D9A6D8244B97D9A75B6D0017CBA24328C5C5578F9EFE5338C103FD18A11BEB58F0B5D9A1427C4051FA2A8
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):521954
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):25600
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIC4F9.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):1538
                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):711952
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):61448
                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):521954
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):25600
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSICAE6.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):1538
                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):711952
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):61448
                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):521954
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):25600
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIE1CA.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):1538
                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):711952
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):61448
                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):437326
                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.648055237431146
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12288:mt3jOZy2KsGU6a4Ksht3jOZy2KsGU6a4Ksq:GzOE2Z34KGzOE2Z34Kr
                                                                                                                                                                                                                                                                                                            MD5:1C6FCB902BFE37B192928CC825E6E8A7
                                                                                                                                                                                                                                                                                                            SHA1:1A3E169F609BA94879B4CF84C866CACD4709A319
                                                                                                                                                                                                                                                                                                            SHA-256:A66BB087E2CBBB97A9606C9BC2E7B6A695BCBAE1468FD8C909A34F930DB746CE
                                                                                                                                                                                                                                                                                                            SHA-512:01ACBAF28BAEC034598F8E03A1EAE1AA2B034C7B47741D1ADB2F6C69A291733139913A3D18CB1BD638E0D1438DAFAB25AD1B96E632774227E11342D23F93FAFF
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIE49A.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):216496
                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                            MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                            SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                            SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                            SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):216496
                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                            MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                            SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                            SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                            SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):216496
                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                            MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                            SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                            SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                            SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                                            Size (bytes):521954
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):25600
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIFFD7.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):1538
                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):711952
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):61448
                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.1641504994988994
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12:JSbX72Fj5H6AGiLIlHVRpLh/7777777777777777777777777vDHF4DypUWlXMvh:JzH6QI5PWDMKwF
                                                                                                                                                                                                                                                                                                            MD5:7AF08372C47DA35C9489DC425881F2E9
                                                                                                                                                                                                                                                                                                            SHA1:E4C9EE6D7AA5E6F45C9EA336F583D1F70A00D970
                                                                                                                                                                                                                                                                                                            SHA-256:FAEFF2DB3114B53A6DB029F251D481FFABAC8A30E8AB4023ED9693653809B93A
                                                                                                                                                                                                                                                                                                            SHA-512:E82BEC68F04CFFABE4424E24B5A34C282637312417DC81FD8FF4F74DD9D683FD69CA8DB59952021CA5CF7AF5A17C48A3F13C3F3E11E5866E742B5A2E78C12969
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.564402935728125
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:2J8PhPuRc06WXJuFT5Eund1qISoedGPdGfSr7MStedGPdGRubBn:ZhP1FFTKuqIrMoF
                                                                                                                                                                                                                                                                                                            MD5:8F05F85A351E32EBFE29BC15878CA173
                                                                                                                                                                                                                                                                                                            SHA1:5833C4EBEDB9D839A8CAB7265E0F87E1304F9BBF
                                                                                                                                                                                                                                                                                                            SHA-256:44CAAD234A876BCEA20335DAB6F6DE3368316D3E25F1817404516DC9F213903B
                                                                                                                                                                                                                                                                                                            SHA-512:A7E804B23DC5CBE62C893AC4BCDB24E006B173E3429C10D00E47DFDBC82C82F888355D8422379D3B63F34F119219723BAA9335B8309A08D62EDDD0E8F3611519
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\inprogressinstallinfo.ipi, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):360001
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.362996555775764
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauV:zTtbmkExhMJCIpEc
                                                                                                                                                                                                                                                                                                            MD5:F561BBD0622C7B54753C0572E9A21B81
                                                                                                                                                                                                                                                                                                            SHA1:80AC12D7D39AFB351684CC359DD77DCC2B020460
                                                                                                                                                                                                                                                                                                            SHA-256:4CF531D787A8088345E98FA9E812E3B42FDE202C9738D3F07F955116786FD8CE
                                                                                                                                                                                                                                                                                                            SHA-512:EDE9178BCF1A88F4F98ECF06B2D3065B295B6AF8B15093F6A72056E36800C7709B3E6FF47554CC3ABC9700206C4811C13A08F714C109A42C6F87AFCD07721D3D
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):704
                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.805280550692434
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12:tIDRFK4mAX7RBem7hccD+PRem7hUhiiGNGNdg6MhgRBem7hccD+PRem7hUGNGNkm:Us43XVBVhcmMRVhMipNVeBVhcmMRVhro
                                                                                                                                                                                                                                                                                                            MD5:EF51E16A5B81AB912F2478FE0A0379D6
                                                                                                                                                                                                                                                                                                            SHA1:B0F9E2EE284DD1590EA31B2D3AD736D77B9FC6A7
                                                                                                                                                                                                                                                                                                            SHA-256:2C5D5397CEDF66DB724FED7FB4515B026A894F517A0DFBE8AE8ADF52DB61AA22
                                                                                                                                                                                                                                                                                                            SHA-512:296A11DB55BFEE7D87897BB63BC9E2C05786D3FD73A894DA5AF76F7A756495C6CCC0959C88844DFB5560DE2374A257201D960E004EC09D8C9DFB50952C5EF2D2
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\System32\InstallUtil.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Preview:...Running a transacted installation.....Beginning the Install phase of the installation...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Install phase completed successfully, and the Commit phase is beginning...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Commit phase completed successfully.....The transacted install has completed...
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):111002
                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.451729490748972
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:1536:kPzgm47BQL7ZMFPZ7t0zfIagnbSLDII+D61SdOkC7/:kbgN7BGFoZ7+gbE8pD61JL
                                                                                                                                                                                                                                                                                                            MD5:E43056855200281951812F3A6D94EFF7
                                                                                                                                                                                                                                                                                                            SHA1:66253EFEAE45E17339D00E2277A4E619E7E2FABC
                                                                                                                                                                                                                                                                                                            SHA-256:04A68A7F0A5E5AEE56899E2080B5E5C6FCC35564F470551E8FB2031C45F2B03F
                                                                                                                                                                                                                                                                                                            SHA-512:B98CAAD890078D0FE69F35176AB294380D98B480E6BD973DA10EE31B175E63A53C5E4DFB61405B7FAB85EA5D5FB01C4869287B70D7FE2F3F50F619C313F8911C
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):111002
                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.451729490748972
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:1536:kPzgm47BQL7ZMFPZ7t0zfIagnbSLDII+D61SdOkC7/:kbgN7BGFoZ7+gbE8pD61JL
                                                                                                                                                                                                                                                                                                            MD5:E43056855200281951812F3A6D94EFF7
                                                                                                                                                                                                                                                                                                            SHA1:66253EFEAE45E17339D00E2277A4E619E7E2FABC
                                                                                                                                                                                                                                                                                                            SHA-256:04A68A7F0A5E5AEE56899E2080B5E5C6FCC35564F470551E8FB2031C45F2B03F
                                                                                                                                                                                                                                                                                                            SHA-512:B98CAAD890078D0FE69F35176AB294380D98B480E6BD973DA10EE31B175E63A53C5E4DFB61405B7FAB85EA5D5FB01C4869287B70D7FE2F3F50F619C313F8911C
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):471
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.187019651177751
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12:JyYOzg5GLsHzqTykJ0Ysbwsn5SWPYkq3n:JRO0ILsyJ0Y+Z5lYn
                                                                                                                                                                                                                                                                                                            MD5:441A4996E2EE86C4B588D8C0D407E7C2
                                                                                                                                                                                                                                                                                                            SHA1:0987D79EAECF4AFAD0E5C6F7BD9BD0A90CEABBD4
                                                                                                                                                                                                                                                                                                            SHA-256:300CFA12D5560F2B04E870FE42E15B6A2007E8F53E4CE1329BD506382075E657
                                                                                                                                                                                                                                                                                                            SHA-512:8D6D5BD1EA7BAAFEB8CA750CE112ED7FAD1477E1DEEF34994A145893EED217D1A9990A52D76790F8C00484378778504626E5C6A5F5193B8DA661AFDBD62600B0
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):727
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.537072345098989
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12:5o6Tq9R5h44TUqrqILBKSB/P8KcFHiGIkZEaOR6qtcO4CoTBF/ZW9FD1QvuTw/n/:54oqXVKSBH8KqiGZtfqiOboTBF4l1ve/
                                                                                                                                                                                                                                                                                                            MD5:49BA85BE2CB152368FE6EE8982CF3D76
                                                                                                                                                                                                                                                                                                            SHA1:F078FDB44C9C62D64DC79849C7E41DEC4441A9C0
                                                                                                                                                                                                                                                                                                            SHA-256:28B91A2A15DFCE2BB789D5CF10E55DC8D46418AF6E8574CBA83CCAD4D396BE68
                                                                                                                                                                                                                                                                                                            SHA-512:67F5293A94BF17ED5031EEC51EE06BBC467860CDC48A2712694418185C0D400386BCD3D3C4FB46E7B5E50EEE1A6A4747707A3058D0C982B4CB16E8374816E787
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):737
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.5557187233228245
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12:yeRLaWQMnFQlRAUcncFfBJurIT/L3wH/c9q5kvs0LQ+TDOFbx2UJhE47J:y2GWnSxuctGeqiW+Lp6L2ehE47J
                                                                                                                                                                                                                                                                                                            MD5:3DE65469B9F550FA32724673E299DFE2
                                                                                                                                                                                                                                                                                                            SHA1:4AAA64A5E233B459C3D4A5BCDD6EB115990C880D
                                                                                                                                                                                                                                                                                                            SHA-256:36BD170660F76039F65092E3CFB6F5AE7E6CE34E8E7321FABA7059E8407E3EB8
                                                                                                                                                                                                                                                                                                            SHA-512:642459FD1971BD4EBBC4C7128515F15D1F8AF15FE9AA5E992BDA18BB25B5913F3C36FCB1D9CA9D184C58F92295639976E3ECED7FEE5DEBB672C8F230EB31CD6E
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):1716
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.596259519827648
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                                                                                                                                                                                                            MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                                                                                                                                                                                                            SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                                                                                                                                                                                                            SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                                                                                                                                                                                                            SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):727
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.534031201200033
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12:5onfZUxc5RlRtBfQOx/hsLzjyNiA6M4SjmFjt5Y1DohqGoz7UcN/YNjoRLUE2lH2:5iCxcdZbxJqjFJ5mDohqocRYN7latn
                                                                                                                                                                                                                                                                                                            MD5:3AA154C597F0D3EF221B82298CE04F78
                                                                                                                                                                                                                                                                                                            SHA1:C15D53176E903BFAB12665B3E42D1B9ECCFB54D0
                                                                                                                                                                                                                                                                                                            SHA-256:B75A76C1C71E981D5299E2A8F85D317D14DA91FD79A615C70EF14876EBC9557D
                                                                                                                                                                                                                                                                                                            SHA-512:B9B93ED7F99E8B96EFB85A4DC9A8CEE9F7057B87DA9C2A1FE82FE8CD308F89C42E76E9170BB429999E1D985AF7847463B8C60173C44413685472E0B5E2306324
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):1428
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.688784034406474
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                                                                                                                                            MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                                                                                                                                            SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                                                                                                                                            SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                                                                                                                                            SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):306
                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.2777077146287157
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:6:kK3h0yuA3H5DRAUSW0P3PeXJUwh8lmi36lImJGelN:/hDuAX51xSW0P3PeXJUZ6NXlN
                                                                                                                                                                                                                                                                                                            MD5:42EE4963CA7603E14FE5D42C48C2295A
                                                                                                                                                                                                                                                                                                            SHA1:09C4D52F906B031602EA18710DDC9460A2D0D3B6
                                                                                                                                                                                                                                                                                                            SHA-256:478A7B52FBE326AB5C81D204D23577C64452128E99F8EAD980C0986121354F43
                                                                                                                                                                                                                                                                                                            SHA-512:60867E11B28155FABE78A70F798BE78D6D824392B1CBC883BD220D9F492898BAFA9BC5A31E9F978305B18D4D40469632263F30071ABB70C5DB26CEC765DA0783
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:p...... .........9DQB...(....................................................... .........e..=.. ..."...............h.t.t.p.:././.c.r.l.3...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.l...".6.7.4.1.d.5.5.d.-.1.b.1.9.a."...
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                                            Size (bytes):306
                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.2587753577823357
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:p...... ..........k.N...(....................................................... .........e..=.. ..."...............h.t.t.p.:././.c.r.l.4...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.l...".6.7.4.1.d.5.5.d.-.1.b.1.9.a."...
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):338
                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.4738726491832703
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:p...... ........=.{...(...............................................\F...>.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):400
                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.971607117569323
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:p...... .........^..Y>..(................~...=....o.ZC....................o.ZC.. .........KW>.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.3.x.L.4.L.Q.L.X.D.R.D.M.9.P.6.6.5.T.W.4.4.2.v.r.s.U.Q.Q.U.R.e.u.i.r.%.2.F.S.S.y.4.I.x.L.V.G.L.p.6.c.h.n.f.N.t.y.A.8.C.E.A.6.b.G.I.7.5.0.C.3.n.7.9.t.Q.4.g.h.A.G.F.o.%.3.D...
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):404
                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.5496026143443564
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:p...... .... .....f.R...(....................................................... ...........O>.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.S.R.X.e.r.F.0.e.F.e.S.W.R.r.i.p.T.g.T.k.c.J.W.M.m.7.i.Q.Q.U.a.D.f.g.6.7.Y.7.%.2.B.F.8.R.h.v.v.%.2.B.Y.X.s.I.i.G.X.0.T.k.I.C.E.A.o.o.S.Z.l.4.5.Y.m.N.9.A.o.j.j.r.i.l.U.u.g.%.3.D...
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):248
                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.0084180705318637
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:p...... ....f...~...s...(....................................................... ........T.~.:.. ...................h.t.t.p.:././.c.r.l.3...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.l...".6.7.3.d.0.d.e.d.-.2.e.1."...
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):308
                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.206650934253046
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:p...... ...........Wb>..(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):412
                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.5515498964367707
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:p...... ....(......e....(....................................................... ..........BW>.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):254
                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.0429408944791785
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:6:kKXMllhLDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:/MlzLYS4tWOxSW0PAMsZp
                                                                                                                                                                                                                                                                                                            MD5:32CFA980EB087A4D5849554025B19450
                                                                                                                                                                                                                                                                                                            SHA1:60AA3C92BCC59CEBB78350C82C62190E185879B1
                                                                                                                                                                                                                                                                                                            SHA-256:247661ED6155093671B7E0D48E9ED0E8615D655185285E79A2DF2D456B420125
                                                                                                                                                                                                                                                                                                            SHA-512:F8D6FA3EBA31E5B5AFD9378198396059328079D731335143A8945B27784458A8EBE4F241AE98F576D1F211138DE5F0BEE48F25A3333622DBABCA0CC93BDB1D71
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:p...... ....l....t..b>..(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):1944
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.343420056309075
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:MxHKQg8mHDp684YHKGSI6oPtHTHhAHKKkhHNpaHKlT44HKmHKe60:iqzCYqGSI6oPtzHeqKkhtpaqZ44qmq10
                                                                                                                                                                                                                                                                                                            MD5:437E4DCFC04CB727093C5232EA15F856
                                                                                                                                                                                                                                                                                                            SHA1:81B949390201F3B70AE2375518A0FFD329310837
                                                                                                                                                                                                                                                                                                            SHA-256:5EADB9774A50B6AD20D588FDA58F5A42B2E257A0AA26832B41F8EA008C1EB96B
                                                                                                                                                                                                                                                                                                            SHA-512:0332C7E5205CF9221172473A841284487ACC111780A58557231FCDE72A5EDB7E7E3EF6C87AB9682A688BC24992A74027F930267B541039BD8757EEF4E2F51A0E
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2528123799095074
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:ECgXukEBPveFXJvT5Eund1qISoedGPdGfSr7MStedGPdGRubBn:YXRHTKuqIrMoF
                                                                                                                                                                                                                                                                                                            MD5:0F3000F3FFC2BB926629C63208326EE1
                                                                                                                                                                                                                                                                                                            SHA1:7121EDD86DF18E6C57157E5DAF17C055A5AEA7DA
                                                                                                                                                                                                                                                                                                            SHA-256:3EBE3C48C6039210745255641E70245111E20C0ECAAA7685B3271B6A0E34FEE6
                                                                                                                                                                                                                                                                                                            SHA-512:A24305FB1234F1F02045BA63E4EDFE80C8D5DAADAAF29EF7097D01F8CA42061E4B81663499926AB9E46B4D8829CF3093F03D4537A4E0F56A1EFA9E81CFDE13B8
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF21C9A09377CDFE9B.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.564402935728125
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:2J8PhPuRc06WXJuFT5Eund1qISoedGPdGfSr7MStedGPdGRubBn:ZhP1FFTKuqIrMoF
                                                                                                                                                                                                                                                                                                            MD5:8F05F85A351E32EBFE29BC15878CA173
                                                                                                                                                                                                                                                                                                            SHA1:5833C4EBEDB9D839A8CAB7265E0F87E1304F9BBF
                                                                                                                                                                                                                                                                                                            SHA-256:44CAAD234A876BCEA20335DAB6F6DE3368316D3E25F1817404516DC9F213903B
                                                                                                                                                                                                                                                                                                            SHA-512:A7E804B23DC5CBE62C893AC4BCDB24E006B173E3429C10D00E47DFDBC82C82F888355D8422379D3B63F34F119219723BAA9335B8309A08D62EDDD0E8F3611519
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF2D3E5DF2735593AB.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2528123799095074
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:ECgXukEBPveFXJvT5Eund1qISoedGPdGfSr7MStedGPdGRubBn:YXRHTKuqIrMoF
                                                                                                                                                                                                                                                                                                            MD5:0F3000F3FFC2BB926629C63208326EE1
                                                                                                                                                                                                                                                                                                            SHA1:7121EDD86DF18E6C57157E5DAF17C055A5AEA7DA
                                                                                                                                                                                                                                                                                                            SHA-256:3EBE3C48C6039210745255641E70245111E20C0ECAAA7685B3271B6A0E34FEE6
                                                                                                                                                                                                                                                                                                            SHA-512:A24305FB1234F1F02045BA63E4EDFE80C8D5DAADAAF29EF7097D01F8CA42061E4B81663499926AB9E46B4D8829CF3093F03D4537A4E0F56A1EFA9E81CFDE13B8
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF3BCE62784648DF98.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):69632
                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.14326244189287857
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:CnxubmStedGPdGeqISoedGPdGfSr7Gnde:i4yLIrG8
                                                                                                                                                                                                                                                                                                            MD5:A16099D3A64E5ADCA57D36C75EE4B39D
                                                                                                                                                                                                                                                                                                            SHA1:6010185C859D79646CAB02F08B0722328A1C5EA5
                                                                                                                                                                                                                                                                                                            SHA-256:37D9EE1505EECBB7C531563B2D0B57D0822FE651C758D5743B945A71865A9518
                                                                                                                                                                                                                                                                                                            SHA-512:5BF8CF9D162C65D96CFCD387D940771AA9A3A401B231E69578FFB7BD8623042EEEA5A64C3C53F40B89279A809903A05425CAD934E0CFD7405D77B3D9FBE66679
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF4630E950FA28A864.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2528123799095074
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:ECgXukEBPveFXJvT5Eund1qISoedGPdGfSr7MStedGPdGRubBn:YXRHTKuqIrMoF
                                                                                                                                                                                                                                                                                                            MD5:0F3000F3FFC2BB926629C63208326EE1
                                                                                                                                                                                                                                                                                                            SHA1:7121EDD86DF18E6C57157E5DAF17C055A5AEA7DA
                                                                                                                                                                                                                                                                                                            SHA-256:3EBE3C48C6039210745255641E70245111E20C0ECAAA7685B3271B6A0E34FEE6
                                                                                                                                                                                                                                                                                                            SHA-512:A24305FB1234F1F02045BA63E4EDFE80C8D5DAADAAF29EF7097D01F8CA42061E4B81663499926AB9E46B4D8829CF3093F03D4537A4E0F56A1EFA9E81CFDE13B8
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF510E6906F6ABC59A.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.07201417405021923
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO4DPlER/UWlXMvEIVky6l0:2F0i8n0itFzDHF4DypUWlXMvu0
                                                                                                                                                                                                                                                                                                            MD5:5B5FE0A8A3223D1547F66CB02051E550
                                                                                                                                                                                                                                                                                                            SHA1:22716CDCE4ACDFD748E10C76433131D411739E2D
                                                                                                                                                                                                                                                                                                            SHA-256:A6DB7AE15266FDC69B4EAA80D398B8529F0BFEF80C862348F4464D1439BA0B04
                                                                                                                                                                                                                                                                                                            SHA-512:00DDB0DC55CEF9C4A67EAF0D1DC43BD8C2AC3CEDDEC8FDEEC06C8A464F288C981F2CF5FFA506041C419950B66C294127D0E32678BDA86B497F43BB851C8680C9
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.564402935728125
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:48:2J8PhPuRc06WXJuFT5Eund1qISoedGPdGfSr7MStedGPdGRubBn:ZhP1FFTKuqIrMoF
                                                                                                                                                                                                                                                                                                            MD5:8F05F85A351E32EBFE29BC15878CA173
                                                                                                                                                                                                                                                                                                            SHA1:5833C4EBEDB9D839A8CAB7265E0F87E1304F9BBF
                                                                                                                                                                                                                                                                                                            SHA-256:44CAAD234A876BCEA20335DAB6F6DE3368316D3E25F1817404516DC9F213903B
                                                                                                                                                                                                                                                                                                            SHA-512:A7E804B23DC5CBE62C893AC4BCDB24E006B173E3429C10D00E47DFDBC82C82F888355D8422379D3B63F34F119219723BAA9335B8309A08D62EDDD0E8F3611519
                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFF883924653294067.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                            Size (bytes):455
                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.375446996412937
                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                            SSDEEP:12:Y0rsShlOS0+3dYvYmH2xOizaLWVj3rTPeH0L1:Y0rBBtUL4jXPeHe1
                                                                                                                                                                                                                                                                                                            MD5:EDF7C634E10B75B0D852610BED0C318E
                                                                                                                                                                                                                                                                                                            SHA1:E4D7A2AAE3C2014DE775806C6D49EED89F1C945C
                                                                                                                                                                                                                                                                                                            SHA-256:46BA46902CA93A936BD75870E1982F32D8E31D0F03119386C517CC6318FBD8B6
                                                                                                                                                                                                                                                                                                            SHA-512:E29BF71EFE699B3CDA2FEBE890C609D9C8352E5AD0F226724FA1748D4394AC752F742D5EA14DF93BDF64A2DF4B96954D61297752EE6841115625E0A6429215FC
                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                            Preview:{"PackageName":"AgentPackageAgentInformation","ExecutableCommandArgs":["minimalIdentification"],"Data":{"AccountId":"001Q300000Kh41eIAB","UserLogin":"1vf5mpi5iyis@upsnab.net","MachineName":"536720","CustomerId":"1","FolderId":"","IsMinimalIdentification":true,"UniqueMachineIdentifier":"hUu4siyWn1kj/wPWjVQjsynXyl5cTwqE8780Yt8HNuA=","OsType":"Windows"},"CommandId":"5da68ded-3041-4a37-bb29-975445cce246","AgentId":"95fbc98a-3c27-44ae-84cf-9e3acc292491"}..
                                                                                                                                                                                                                                                                                                            File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.878665163350764
                                                                                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                                                                                            • Microsoft Windows Installer (60509/1) 57.88%
                                                                                                                                                                                                                                                                                                            • ClickyMouse macro set (36024/1) 34.46%
                                                                                                                                                                                                                                                                                                            • Generic OLE2 / Multistream Compound File (8008/1) 7.66%
                                                                                                                                                                                                                                                                                                            File name:registration.msi
                                                                                                                                                                                                                                                                                                            File size:2'994'176 bytes
                                                                                                                                                                                                                                                                                                            MD5:62367ba07bdc8e7abdc94d2bbe076216
                                                                                                                                                                                                                                                                                                            SHA1:5f0f1c2d77230f41cbb65989f24868a6dc4c9cfc
                                                                                                                                                                                                                                                                                                            SHA256:ed0ae67f36657cfe892fb58cc02b28f237ab5de0ed5f8cd902981dc892d7f737
                                                                                                                                                                                                                                                                                                            SHA512:4cd294b23518ac716929eda0061048ca0ca57a93593d9a6d8244b97d9a75b6d0017cba24328c5c5578f9efe5338c103fd18a11beb58f0b5d9a1427c4051fa2a8
                                                                                                                                                                                                                                                                                                            SSDEEP:49152:u+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:u+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                                            TLSH:FCD523117584483AE3BB0A358D7AD6A05E7DFE605B70CA8E9308741E2E705C1AB76F73
                                                                                                                                                                                                                                                                                                            Icon Hash:2d2e3797b32b2b99
Timestamp                        SID      Signature                                         Severity  Source IP    Source Port  Dest IP        Dest Port  Protocol
2024-11-24T11:15:44.624775+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H  3         192.168.2.6  49797        13.232.67.198  443        TCP
2024-11-24T11:16:29.702443+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H  3         192.168.2.6  49906        13.232.67.198  443        TCP
2024-11-24T11:16:46.524446+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H  3         192.168.2.6  49949        13.232.67.198  443        TCP
2024-11-24T11:16:51.068572+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H  3         192.168.2.6  49963        13.232.67.198  443        TCP
2024-11-24T11:16:56.139542+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H  3         192.168.2.6  49985        13.232.67.198  443        TCP
2024-11-24T11:17:02.168754+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H  3         192.168.2.6  50006        13.232.67.198  443        TCP
2024-11-24T11:17:08.070982+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H  3         192.168.2.6  50035        13.232.67.198  443        TCP
2024-11-24T11:17:14.628336+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H  3         192.168.2.6  50063        13.232.67.198  443        TCP
2024-11-24T11:17:20.559847+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H  3         192.168.2.6  50088        13.232.67.198  443        TCP
2024-11-24T11:17:23.972063+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H  3         192.168.2.6  50097        13.232.67.198  443        TCP
2024-11-24T11:17:29.975402+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H  3         192.168.2.6  50107        13.232.67.198  443        TCP
2024-11-24T11:19:25.813655+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H  3         192.168.2.6  50339        13.232.67.199  443        TCP
2024-11-24T11:19:28.768515+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H  3         192.168.2.6  50343        13.232.67.199  443        TCP
2024-11-24T11:19:31.944034+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H  3         192.168.2.6  50349        13.232.67.199  443        TCP
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:37.686117887 CET49774443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:37.693833113 CET49774443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:37.693850994 CET4434977413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:37.694112062 CET4434977413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:37.701838017 CET49774443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:37.747323990 CET4434977413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:37.775697947 CET4434977513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:37.777301073 CET49775443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:37.777631044 CET49775443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:37.777637959 CET4434977513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:37.777879953 CET4434977513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:37.784074068 CET49775443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:37.827337027 CET4434977513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.232825994 CET4434977413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.232903957 CET4434977413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.233351946 CET49774443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.239414930 CET49774443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.305675030 CET4434977513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.305732965 CET4434977513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.306801081 CET49775443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.310955048 CET49775443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.541997910 CET49783443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.542028904 CET4434978313.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.542263985 CET49783443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.543874979 CET49783443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.543884993 CET4434978313.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.628000975 CET49784443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.628036976 CET4434978413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.628185987 CET49784443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.628591061 CET49784443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:38.628606081 CET4434978413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:40.960794926 CET4434978313.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:40.962332010 CET49783443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:40.962349892 CET4434978313.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.180723906 CET4434978413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.181952000 CET49784443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.181969881 CET4434978413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.475449085 CET4434978313.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.475522995 CET4434978313.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.475620031 CET49783443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.476135969 CET49783443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.661434889 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.661479950 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.661567926 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.661859989 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.661873102 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.719559908 CET4434978413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.719577074 CET4434978413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.719640970 CET4434978413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.719662905 CET49784443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.719705105 CET49784443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.720488071 CET49784443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.788513899 CET49797443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.788552999 CET4434979713.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.788610935 CET49797443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.789207935 CET49797443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.789225101 CET4434979713.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.789402962 CET49798443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.789423943 CET4434979813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.789484024 CET49798443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.789714098 CET49798443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:41.789730072 CET4434979813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:43.470350981 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:43.470468998 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:43.474339962 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:43.474354982 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:43.474628925 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:43.475548029 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:43.523330927 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.090203047 CET4434979713.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.114599943 CET49797443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.114614010 CET4434979713.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.182909966 CET4434979813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.218527079 CET49798443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.218550920 CET4434979813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.970274925 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.970283031 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.970341921 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.980245113 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.980263948 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.980356932 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.980364084 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.980427027 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.988646030 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.988667011 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.988755941 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.988763094 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.988816977 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.998116016 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.998133898 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.998228073 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.998234034 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:44.998284101 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.007544041 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.007559061 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.007621050 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.007627964 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.007663965 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.007687092 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.017366886 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.017391920 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.017462969 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.017472982 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.017530918 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.139439106 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.139514923 CET44349795108.158.75.12192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.139559984 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.139597893 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:15:45.140119076 CET49795443192.168.2.6108.158.75.12
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:26.787158012 CET49906443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:26.787228107 CET4434990613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:26.787324905 CET49906443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:26.787919044 CET49906443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:26.787933111 CET4434990613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:29.177700043 CET4434990613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:29.179349899 CET49906443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:29.179394960 CET4434990613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:29.702447891 CET4434990613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:29.702521086 CET4434990613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:29.702605963 CET49906443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:29.704212904 CET49906443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:29.705161095 CET49912443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:29.705192089 CET4434991213.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:29.705279112 CET49912443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:29.705499887 CET49912443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:29.705508947 CET4434991213.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:32.093574047 CET4434991213.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:32.095230103 CET49912443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:32.095247984 CET4434991213.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:32.662264109 CET4434991213.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:32.702528000 CET49912443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:32.702542067 CET4434991213.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:32.703171015 CET49912443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:32.703247070 CET4434991213.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:32.703305006 CET49912443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:43.578423023 CET49798443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:43.578556061 CET4434979813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:43.578701019 CET49798443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:43.611020088 CET49949443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:43.611049891 CET4434994913.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:43.611130953 CET49949443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:43.611737967 CET49949443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:43.611752987 CET4434994913.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:43.612301111 CET49950443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:43.612312078 CET4434995013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:43.612365007 CET49950443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:43.612668037 CET49950443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:43.612679958 CET4434995013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:45.995136976 CET4434995013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:45.995264053 CET49950443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:55.607816935 CET4434998613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:55.607923985 CET4434998513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:55.608055115 CET4434998613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:55.608851910 CET49986443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:55.608994961 CET49985443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:55.651340961 CET4434998513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:55.655328989 CET4434998613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.139530897 CET4434998513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.139610052 CET4434998513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.143112898 CET49985443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.143112898 CET49985443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.146528006 CET49997443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.146563053 CET4434999713.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.147119045 CET4434998613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.147444963 CET49997443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.147444963 CET49997443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.147478104 CET4434999713.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.190514088 CET49986443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.190543890 CET4434998613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.195323944 CET49986443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.195331097 CET49998443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.195388079 CET4434999813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.195470095 CET4434998613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.195513010 CET49998443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.195694923 CET4434998613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.195722103 CET49998443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.195736885 CET4434999813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.195759058 CET49986443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:56.195759058 CET49986443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:58.600820065 CET4434999713.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:58.606225967 CET49997443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:58.606249094 CET4434999713.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:58.643543959 CET4434999813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:58.649740934 CET49998443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:58.649808884 CET4434999813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.180680990 CET4434999813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.180752993 CET4434999813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.180838108 CET49998443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.181242943 CET4434999713.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.181324005 CET4434999713.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.181382895 CET49997443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.181395054 CET49998443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.181694984 CET49997443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.185121059 CET50006443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.185148954 CET4435000613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.185204029 CET50006443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.186105967 CET50007443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.186146021 CET4435000713.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.186228037 CET50006443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.186240911 CET4435000613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.186260939 CET50007443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.186470985 CET50007443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:16:59.186486006 CET4435000713.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:00.721247911 CET50007443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:00.726217985 CET50014443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:00.726254940 CET4435001413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:00.726345062 CET50014443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:00.726810932 CET50014443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:00.726824045 CET4435001413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:00.762051105 CET50014443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:00.762512922 CET50015443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:00.762541056 CET4435001513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:00.762790918 CET50015443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:00.763017893 CET50015443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:00.763031006 CET4435001513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:00.767335892 CET4435000713.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:00.807332993 CET4435001413.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:01.052294970 CET50015443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:01.053333044 CET50018443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:01.053363085 CET4435001813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:01.053435087 CET50018443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:01.053911924 CET50018443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:01.053922892 CET4435001813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:01.099340916 CET4435001513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:01.493374109 CET4435000713.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:10.819340944 CET4435004613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:11.315413952 CET4435004613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:11.315494061 CET4435004613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:11.315537930 CET50046443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:11.685159922 CET50046443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:11.794218063 CET50063443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:11.794255018 CET4435006313.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:11.794302940 CET50063443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:11.795550108 CET50063443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:11.795561075 CET4435006313.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:12.693022966 CET4435005613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:12.693166971 CET50056443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:12.696697950 CET50056443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:12.696705103 CET4435005613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:12.696954012 CET4435005613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:12.697901011 CET50056443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:12.739339113 CET4435005613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:13.227413893 CET4435005613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:13.227507114 CET4435005613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:13.227602959 CET50056443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:13.228434086 CET50056443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:13.229538918 CET50070443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:13.229584932 CET4435007013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:13.229667902 CET50070443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:13.229990005 CET50070443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:13.230000019 CET4435007013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:14.105811119 CET4435006313.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:14.116892099 CET50063443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:14.116919041 CET4435006313.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:14.628384113 CET4435006313.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:14.628463984 CET4435006313.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:14.628554106 CET50063443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:14.630466938 CET50076443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:14.630471945 CET50063443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:14.630503893 CET4435007613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:14.630731106 CET50076443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:14.631336927 CET50076443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:14.631345987 CET4435007613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:15.613320112 CET4435007013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:15.615098000 CET50070443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:15.615109921 CET4435007013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:16.138972998 CET4435007013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:16.139040947 CET4435007013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:16.141661882 CET50070443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:16.141661882 CET50070443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.014182091 CET4435007613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.016336918 CET50076443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.016356945 CET4435007613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.537386894 CET4435007613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.537399054 CET4435007613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.537453890 CET50076443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.537467957 CET4435007613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.537488937 CET4435007613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.537538052 CET50076443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.538162947 CET50076443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.546089888 CET50088443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.546135902 CET4435008813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.546192884 CET50088443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.546706915 CET50088443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.546720982 CET4435008813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.547858000 CET50089443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.547909021 CET4435008913.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.547986031 CET50089443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.548268080 CET50089443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.548284054 CET4435008913.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.688097954 CET50089443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.689970016 CET50091443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.690002918 CET4435009113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.690071106 CET50091443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.690473080 CET50091443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.690489054 CET4435009113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:17.735328913 CET4435008913.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:19.730772972 CET4435008913.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:19.730930090 CET4435008913.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:19.731080055 CET50089443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:37.595529079 CET50126443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:37.596070051 CET50126443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:37.596084118 CET4435012613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.258347988 CET4435009113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.258373022 CET4435009113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.258414030 CET50091443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.258430004 CET4435009113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.258445024 CET4435009113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.258521080 CET50091443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.259001017 CET50091443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.259938002 CET50130443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.259972095 CET4435013013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.260104895 CET50130443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.260497093 CET50130443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.260533094 CET4435013013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.345309973 CET50130443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.346720934 CET50131443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.346750021 CET4435013113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.346803904 CET50131443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.348062992 CET50131443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.348077059 CET4435013113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.391335011 CET4435013013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.400345087 CET50131443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.401252985 CET50132443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.401304007 CET4435013213.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.401382923 CET50132443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.401849031 CET50132443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.401860952 CET4435013213.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:38.443334103 CET4435013113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:39.911617994 CET4435012613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:39.911763906 CET50126443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:39.917613983 CET50126443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:39.917625904 CET4435012613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:39.918158054 CET4435012613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:39.920815945 CET50126443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:39.920874119 CET4435012613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:39.921082020 CET50126443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:39.925157070 CET50136443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:39.925168991 CET4435013613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:39.925653934 CET50136443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:39.929428101 CET50136443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:39.929450035 CET4435013613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.578697920 CET4435013013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.578818083 CET50130443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.578818083 CET50130443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.578862906 CET4435013013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.578902006 CET50130443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.781784058 CET4435013213.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.781856060 CET50132443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.784085035 CET50132443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.784091949 CET4435013213.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.784332037 CET4435013213.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.785940886 CET50132443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.785983086 CET4435013213.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.786024094 CET50132443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.787394047 CET50140443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.787426949 CET4435014013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.787513018 CET50140443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.787782907 CET50140443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.787800074 CET4435014013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.791588068 CET4435013113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.791646004 CET50131443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:40.791666985 CET50131443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:42.380440950 CET4435013613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:42.380507946 CET50136443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:42.383083105 CET50136443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:42.383090019 CET4435013613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:42.383347988 CET4435013613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:42.385090113 CET50136443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:42.385117054 CET4435013613.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:42.385225058 CET50136443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:42.386894941 CET50142443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:42.386924982 CET4435014213.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:42.387003899 CET50142443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:42.387403011 CET50142443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:04.074407101 CET50195443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:04.074456930 CET4435019513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:04.074527979 CET50195443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:04.079804897 CET50195443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:04.079818964 CET4435019513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:05.316369057 CET50199443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:05.316420078 CET4435019913.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:05.316612959 CET50199443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:05.318916082 CET50199443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:05.318933964 CET4435019913.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.393965960 CET50199443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.395524025 CET50200443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.395566940 CET4435020013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.395649910 CET50200443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.396115065 CET50200443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.396128893 CET4435020013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.439338923 CET4435019913.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.454559088 CET4435019513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.454838991 CET50195443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.459832907 CET50195443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.459865093 CET4435019513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.460202932 CET4435019513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.462030888 CET50195443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.462076902 CET4435019513.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:06.462179899 CET50195443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:07.644871950 CET4435019913.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:07.644947052 CET50199443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:07.644947052 CET50199443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:08.709455013 CET4435020013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:08.709625959 CET50200443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:08.712120056 CET50200443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:08.712130070 CET4435020013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:08.712326050 CET4435020013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:08.713558912 CET50200443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:08.713589907 CET4435020013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:08.713715076 CET4435020013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:08.713788033 CET50200443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:08.713788033 CET50200443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:12.114998102 CET50208443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:12.115087986 CET4435020813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:12.119443893 CET50208443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:12.119443893 CET50208443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:12.119519949 CET4435020813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:13.147034883 CET50211443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:13.147119999 CET4435021113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:13.147190094 CET50211443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:13.147768974 CET50211443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:13.147792101 CET4435021113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:14.449678898 CET4435020813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:14.449827909 CET50208443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:14.452048063 CET50208443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:14.452079058 CET4435020813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:14.452889919 CET4435020813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:14.454988956 CET50208443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:14.455085993 CET4435020813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:14.455209970 CET50208443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:14.455892086 CET50218443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:14.455930948 CET4435021813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:14.456034899 CET50218443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:14.456279993 CET50218443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:14.456290960 CET4435021813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:15.525363922 CET4435021113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:15.525469065 CET50211443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:15.527206898 CET50211443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:15.527221918 CET4435021113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:15.528141975 CET4435021113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:15.532286882 CET50211443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:15.532332897 CET4435021113.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:15.532406092 CET50211443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:16.835875034 CET4435021813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:16.835980892 CET50218443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:16.845832109 CET50218443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:16.845851898 CET4435021813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:16.846611977 CET4435021813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:16.847966909 CET50218443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:33.955698013 CET50250443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:33.955754995 CET4435025013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:33.955951929 CET50250443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:33.956473112 CET50250443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:33.956485033 CET4435025013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:36.415685892 CET4435025013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:36.415765047 CET50250443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:36.418148041 CET50250443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:36.418160915 CET4435025013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:36.418939114 CET4435025013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:36.420577049 CET50250443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:36.420665026 CET4435025013.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:36.420725107 CET50250443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:39.519253969 CET50258443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:39.519309044 CET4435025813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:39.519789934 CET50258443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:39.521194935 CET50258443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:39.521209955 CET4435025813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:40.592453003 CET50261443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:40.592514038 CET4435026113.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:40.592580080 CET50261443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:40.594086885 CET50261443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:40.594103098 CET4435026113.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.899965048 CET4435025813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.900115013 CET50258443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.903163910 CET50258443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.903170109 CET4435025813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.903606892 CET4435025813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.905517101 CET50258443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.905579090 CET4435025813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.905874014 CET4435025813.232.67.198192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.906028986 CET50258443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.906028986 CET50258443192.168.2.613.232.67.198
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.907191992 CET50262443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.907248974 CET4435026213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.907404900 CET50262443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.907639027 CET50262443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:41.907655001 CET4435026213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:42.975218058 CET4435026113.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:42.975366116 CET50261443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:42.977220058 CET50261443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:42.977258921 CET4435026113.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:42.977617025 CET4435026113.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:42.978720903 CET50261443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:42.978775024 CET4435026113.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:42.978836060 CET50261443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:44.226421118 CET4435026213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:44.226516962 CET50262443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:44.229716063 CET50262443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:44.229722023 CET4435026213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:44.229980946 CET4435026213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:44.231726885 CET50262443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:44.231806993 CET4435026213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:44.231853962 CET50262443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:47.691184998 CET50272443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:47.691236973 CET4435027213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:47.691442966 CET50272443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:47.694046974 CET50272443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:47.694058895 CET4435027213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:50.172666073 CET4435027213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:50.172745943 CET50272443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:50.175267935 CET50272443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:50.175281048 CET4435027213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:50.175551891 CET4435027213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:50.177150965 CET50272443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:50.177206039 CET4435027213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:50.177251101 CET50272443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:52.757200003 CET50280443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:52.757241011 CET4435028013.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:52.757297993 CET50280443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:52.758927107 CET50280443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:52.758941889 CET4435028013.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:53.520178080 CET50282443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:53.520219088 CET4435028213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:53.520410061 CET50282443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.336952925 CET50323443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.337037086 CET4435032313.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.337105036 CET50323443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.339612961 CET50323443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.339631081 CET4435032313.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.375335932 CET4435032213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.601149082 CET4435031913.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.601217031 CET50319443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.604605913 CET50319443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.604614973 CET4435031913.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.604953051 CET4435031913.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.606664896 CET50319443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.606724024 CET4435031913.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.606775045 CET50319443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:13.131817102 CET50326443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:13.131855011 CET4435032613.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:13.131920099 CET50326443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:13.133584023 CET50326443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:13.133596897 CET4435032613.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.548793077 CET4435032213.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.548856020 CET50322443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.548873901 CET50322443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.715373039 CET4435032313.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.715456009 CET50323443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.718693972 CET50323443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.718705893 CET4435032313.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.718987942 CET4435032313.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.720746040 CET50323443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.720851898 CET4435032313.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.720901966 CET50323443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.722307920 CET50329443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.722366095 CET4435032913.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.722429991 CET50329443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.722801924 CET50329443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.722820997 CET4435032913.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.595344067 CET4435032613.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.603302002 CET50326443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.603302002 CET50326443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.603333950 CET4435032613.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.603688955 CET4435032613.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.606040001 CET50326443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.606045961 CET50330443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.606102943 CET4435033013.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.606111050 CET4435032613.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.606316090 CET4435032613.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.606420040 CET50330443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.606420040 CET50330443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.606431961 CET50326443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.606453896 CET4435033013.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:15.607297897 CET50326443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:17.102791071 CET4435032913.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:17.102868080 CET50329443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:17.106412888 CET50329443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:17.106434107 CET4435032913.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:17.106771946 CET4435032913.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:17.108779907 CET50329443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:17.108839035 CET4435032913.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:17.108891964 CET50329443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:17.110989094 CET50334443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:17.111051083 CET4435033413.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:17.111118078 CET50334443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:17.111581087 CET50334443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:17.111597061 CET4435033413.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:18.189420938 CET4435033013.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:18.189950943 CET50330443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:18.191521883 CET50330443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:18.191536903 CET4435033013.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:18.191940069 CET4435033013.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:18.193130016 CET50330443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:18.193175077 CET4435033013.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:18.193248987 CET50330443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:19.547787905 CET4435033413.232.67.199192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:19.550060034 CET50334443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:20.414442062 CET50334443192.168.2.613.232.67.199
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:20.414498091 CET4435033413.232.67.199192.168.2.6
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:40.591023922 CET53563871.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:49.643280029 CET4939153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:51.355206013 CET5014553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:01.990509987 CET6024253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:11.888169050 CET5222153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.174237013 CET5540953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:26.446583033 CET5758753192.168.2.61.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:17:58.412688971 CET1.1.1.1192.168.2.60x6ad6No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:09.215704918 CET1.1.1.1192.168.2.60xbf0aNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:19.414868116 CET1.1.1.1192.168.2.60x2193No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:28.857733965 CET1.1.1.1192.168.2.60xdd4fNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:30.971755981 CET1.1.1.1192.168.2.60xd7e3No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:40.491565943 CET1.1.1.1192.168.2.60x2b6cNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:40.591023922 CET1.1.1.1192.168.2.60x7341No error (0)ps.pndsn.com13.232.67.199A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:40.591023922 CET1.1.1.1192.168.2.60x7341No error (0)ps.pndsn.com13.232.67.198A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:49.782131910 CET1.1.1.1192.168.2.60xb933No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:18:51.647005081 CET1.1.1.1192.168.2.60x1cabNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:02.131795883 CET1.1.1.1192.168.2.60x80f5No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:12.025024891 CET1.1.1.1192.168.2.60xd8a4No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:14.311784983 CET1.1.1.1192.168.2.60xdad2No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            Nov 24, 2024 11:19:26.584636927 CET1.1.1.1192.168.2.60x7b1cNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                            • ps.pndsn.com
                                                                                                                                                                                                                                                                                                            • ps.atera.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49774 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:15:37 UTC | 183 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=af5bf701-7249-45e5-86be-19d8d9c83003&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Host: ps.pndsn.com
Connection: Keep-Alive
2024-11-24 10:15:38 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:15:37 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:15:38 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 33 33 37 39 37 34 38 35 37 30 5d
Data Ascii: [17324433379748570]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49775 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:15:37 UTC | 364 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=2437e5c2-c49a-46e7-85a0-5bd5b0f3e346&tt=0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
Connection: Keep-Alive
2024-11-24 10:15:38 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:15:38 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:15:38 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 33 33 33 37 39 34 37 37 36 38 35 22 2c 22 72 22 3a 33 31 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17324433379477685","r":31},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49783 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:15:40 UTC | 183 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=bf7ca070-0a55-4d8e-8d7a-52b5cb49f44c&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Host: ps.pndsn.com
Connection: Keep-Alive
2024-11-24 10:15:41 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:15:41 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:15:41 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 33 34 31 32 32 37 31 35 32 36 5d
Data Ascii: [17324433412271526]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49784 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:15:41 UTC | 386 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5acd82f0-57ae-41e0-85e3-b5cb80ee27df&tr=31&tt=17324433379477685&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
Connection: Keep-Alive
2024-11-24 10:15:41 UTC | 279 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:15:41 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 3704
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                            2024-11-24 10:15:41 UTC3704INData Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 33 33 34 31 31 35 38 30 35 36 32 22 2c 22 72 22 3a 33 31 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 30 39 36 30 61 34 30 63 2d 39 34 66 30 2d 34 30 66 61 2d 61 31 64 35 2d 36 30 61 32 31 33 62 63 33 34 65 64 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 33 33 34 30 36 30 38 37 31 34 39 22 2c 22 72 22 3a 34 32 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 39 35 66 62 63 39 38 61 2d 33 63 32 37 2d 34 34 61 65 2d 38 34 63 66 2d 39 65 33 61 63 63 32 39 32 34 39 31 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 65 38 64 38 30 37 39
                                                                                                                                                                                                                                                                                                            Data Ascii: {"t":{"t":"17324433411580562","r":31},"m":[{"a":"2","f":0,"i":"0960a40c-94f0-40fa-a1d5-60a213bc34ed","p":{"t":"17324433406087149","r":42},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"95fbc98a-3c27-44ae-84cf-9e3acc292491","d":{"CommandId":"e8d8079


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49795 | 108.158.75.12 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:15:43 UTC | 212 | OUT | GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?w8Q4MxnxsTU+y3lbIKhb1p3E6E9NGNGr43vM7ggjDRD5G9cDVa0pn3fF3kInqamc HTTP/1.1
Host: ps.atera.com
Connection: Keep-Alive
2024-11-24 10:15:44 UTC | 671 | IN | HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 384542
Connection: close
Content-MD5: SgmofSAE2sSwBofpyfFQNg==
Last-Modified: Tue, 12 Nov 2024 07:13:54 GMT
ETag: 0x8DD02E9910FA268
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4f2b2192-601e-007b-57cf-3c3f56000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 23 Nov 2024 11:11:18 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 6481f3b72e695f5d2b0b995611da44a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P2
X-Amz-Cf-Id: HPyU7_Lc587Rfh5AghI5IgmsfDR6HbltQRWPyv_CYGDJm7P7qgjePw==
Age: 83064


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49797 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:15:44 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=dd31cbca-11f7-438d-95d1-0103076c3b19&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:15:44 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:15:44 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:15:44 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 33 34 34 33 37 38 38 39 31 38 5d
Data Ascii: [17324433443788918]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49798 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:15:44 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8a545e8a-5ca3-4586-95ee-223486bad101&tr=31&tt=17324433411580562&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49906 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:16:29 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a550ee73-b0e6-4203-86b7-33ebef664c1d&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:16:29 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:16:29 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:16:29 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 33 38 39 34 34 32 39 37 30 34 5d
Data Ascii: [17324433894429704]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49912 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:16:32 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3dabc9ca-50ca-4769-82eb-40791913b06c&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:16:32 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:16:32 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:16:32 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49950 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:16:45 UTC | 319 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/,/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=82fdf8d4-8981-41b8-81dd-da3d6c848351&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:16:46 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:16:46 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:16:46 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49949 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:16:45 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=aa11bfe9-8289-42c2-be65-d6291fd164cf&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:16:46 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:16:46 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:16:46 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 34 30 36 32 37 35 38 38 39 37 5d
Data Ascii: [17324434062758897]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49965 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:16:50 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d06e9be8-9779-43f1-a370-eed925135e8d&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:16:50 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:16:50 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                            Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                            2024-11-24 10:16:50 UTC55INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                            Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49963 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:16:50 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cc4be31c-7bd0-4546-8157-021785aaabf9&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:16:51 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:16:50 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:16:51 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 34 31 30 38 30 32 37 34 38 38 5d
Data Ascii: [17324434108027488]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49986 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:16:55 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e695b199-cbc9-44ed-b89a-77707fde66b0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:16:56 UTC | 323 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:16:55 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 23
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:16:56 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49985 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:16:55 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7ad0a761-601d-4dfb-892a-87e5a80d8cfd&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:16:56 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:16:55 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:16:56 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 34 31 35 38 38 31 37 34 38 39 5d
Data Ascii: [17324434158817489]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 49997 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:16:58 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=939e5a96-d596-4e59-936e-7ae5d28307cc&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:16:59 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:16:58 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:16:59 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49998 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:16:58 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=1c583dbc-af1e-4d45-80f1-003dabe8eea7&tt=0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:16:59 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:16:58 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Methods: GET
                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                            Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                            2024-11-24 10:16:59 UTC45INData Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 33 33 34 31 31 35 38 30 35 36 32 22 2c 22 72 22 3a 33 31 7d 2c 22 6d 22 3a 5b 5d 7d
                                                                                                                                                                                                                                                                                                            Data Ascii: {"t":{"t":"17324433411580562","r":31},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 50006 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:01 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e10b719b-981a-446e-ba23-7c69d7f94ded&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:17:02 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:01 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:17:02 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 34 32 31 39 31 30 39 30 30 30 5d
Data Ascii: [17324434219109000]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 50018 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:03 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=15951373-2c36-4fa8-affe-36f2ec07b81f&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:17:04 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:03 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:17:04 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 50022 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:04 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=44d081ca-4526-4116-82b9-755899f28369&tt=0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:17:05 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:04 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:17:05 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 33 34 32 31 30 39 37 34 36 38 36 22 2c 22 72 22 3a 33 31 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17324434210974686","r":31},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 50031 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:06 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=2a3f0c53-5de8-4152-9013-693952c09124&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:17:07 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:07 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:17:07 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 50035 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:07 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=1ddb02cf-39da-4196-a130-53d484e9194d&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:17:08 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:07 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                            2024-11-24 10:17:08 UTC19INData Raw: 5b 31 37 33 32 34 34 33 34 32 37 38 30 38 34 39 32 38 5d
                                                                                                                                                                                                                                                                                                            Data Ascii: [17324434278084928]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 50043 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:09 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=15a8e400-4d66-4396-85a9-a52c47560c82&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:17:10 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:09 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                            2024-11-24 10:17:10 UTC55INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                            Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 50046 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:10 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=01eea71f-f36d-4bce-8cd1-fb9075d78180&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:17:11 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:11 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                            2024-11-24 10:17:11 UTC74INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                            Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 50056 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:12 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b72bd97c-f6a1-480d-9594-461af2e421f4&tt=0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:17:13 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:12 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                            2024-11-24 10:17:13 UTC45INData Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 33 34 33 31 35 33 36 37 36 35 36 22 2c 22 72 22 3a 33 31 7d 2c 22 6d 22 3a 5b 5d 7d
                                                                                                                                                                                                                                                                                                            Data Ascii: {"t":{"t":"17324434315367656","r":31},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 50063 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:14 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=3f56d55c-6ba5-4af1-9be1-2dea66d5d0f7&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:17:14 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:14 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                            2024-11-24 10:17:14 UTC19INData Raw: 5b 31 37 33 32 34 34 33 34 33 34 33 38 30 37 37 39 37 5d
                                                                                                                                                                                                                                                                                                            Data Ascii: [17324434343807797]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 50070 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:15 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5fe5955e-4d52-4f15-a999-10b126f5fc74&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:17:16 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:15 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:17:16 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 50076 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:17 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b748dd63-e45c-4e56-a14e-2acb4546abf0&tr=31&tt=17324434315367656&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:17:17 UTC | 279 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:17 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1864
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:17:17 UTC | 1864 | IN | Data Ascii: {"t":{"t":"17324434350865773","r":31},"m":[{"a":"2","f":0,"i":"b3b73710-889c-4467-b264-7a1d0fef8f72","p":{"t":"17324434350865773","r":43},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"95fbc98a-3c27-44ae-84cf-9e3acc292491","d":{"CommandId":"5da68de


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.6 | 50088 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:20 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b46022d7-cbaa-40b8-8c72-fd984bb21007&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:17:20 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:20 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:17:20 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 34 34 30 33 31 30 37 37 33 37 5d
Data Ascii: [17324434403107737]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.6 | 50091 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:20 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b554e624-5e74-4caa-b7de-790b1533e993&tr=31&tt=17324434350865773&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:17:38 UTC | 279 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:37 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1884
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:17:38 UTC | 1884 | IN | Data Ascii: {"t":{"t":"17324434578282801","r":31},"m":[{"a":"2","f":0,"i":"191712c7-60b6-40a8-ae92-c9c0eeb1ac4a","p":{"t":"17324434578282801","r":24},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"95fbc98a-3c27-44ae-84cf-9e3acc292491","d":{"CommandId":"5ead492


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.6 | 50097 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:23 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=12ab6b1a-a82d-4206-b67b-cf0ecb23de70&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:17:23 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:23 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:17:23 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 34 34 33 37 32 32 31 33 37 32 5d
Data Ascii: [17324434437221372]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.6 | 50101 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:26 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e3aa32f8-3a58-4ef4-b289-b05205d0c00e&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:17:26 UTC | 323 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:26 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 16
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:17:26 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.6 | 50107 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:29 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=bc070723-3cfb-4171-b999-27f32c59f0dd&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:17:29 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:29 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:17:29 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 34 34 39 37 31 36 33 37 37 35 5d
Data Ascii: [17324434497163775]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.6 | 50114 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:32 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=6d5cfce1-b215-4be8-a3eb-65f371d376ce&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:17:33 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:32 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:17:33 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.6 | 50118 | 13.232.67.198 | 443 | 800 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:17:35 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95fbc98a-3c27-44ae-84cf-9e3acc292491/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b59d65c0-c360-410b-969c-bbedbf0ff1c9&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:17:36 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:17:35 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:17:36 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


                                                                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                            35192.168.2.65033913.232.67.199443800C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                            2024-11-24 10:19:25 UTC159OUTGET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=9ead68d6-bdd5-4770-a068-8d3fb261cd22&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
                                                                                                                                                                                                                                                                                                            Host: ps.pndsn.com
                                                                                                                                                                                                                                                                                                            2024-11-24 10:19:25 UTC242INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                            Date: Sun, 24 Nov 2024 10:19:25 GMT
                                                                                                                                                                                                                                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                                                            Content-Length: 19
                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                            Access-Control-Expose-Headers: *
2024-11-24 10:19:25 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 35 36 35 35 35 33 32 30 34 31 5d
                                                                                                                                                                                                                                                                                                            Data Ascii: [17324435655532041]


Session ID | Source IP | Source Port | Destination IP | Destination Port
36 | 192.168.2.6 | 50343 | 13.232.67.199 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:19:28 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8dec4445-c0f5-4b3e-90c5-b0e958ca91da&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
                                                                                                                                                                                                                                                                                                            Host: ps.pndsn.com
2024-11-24 10:19:28 UTC | 242 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                            Date: Sun, 24 Nov 2024 10:19:28 GMT
                                                                                                                                                                                                                                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                                                            Content-Length: 19
                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                            Access-Control-Expose-Headers: *
2024-11-24 10:19:28 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 35 36 38 35 31 38 38 34 31 32 5d
                                                                                                                                                                                                                                                                                                            Data Ascii: [17324435685188412]


Session ID | Source IP | Source Port | Destination IP | Destination Port
37 | 192.168.2.6 | 50344 | 13.232.67.199 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:19:28 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=57719228-a14b-4385-bc90-4fb880778c52&tt=0&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                                                                                                            Host: ps.pndsn.com
2024-11-24 10:19:28 UTC | 277 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                            Date: Sun, 24 Nov 2024 10:19:28 GMT
                                                                                                                                                                                                                                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                            Content-Length: 45
                                                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Methods: GET
                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                            Access-Control-Expose-Headers: *
2024-11-24 10:19:28 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 33 34 35 37 38 32 38 32 38 30 31 22 2c 22 72 22 3a 33 33 7d 2c 22 6d 22 3a 5b 5d 7d
                                                                                                                                                                                                                                                                                                            Data Ascii: {"t":{"t":"17324434578282801","r":33},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port
38 | 192.168.2.6 | 50350 | 13.232.67.199 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:19:31 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95fbc98a-3c27-44ae-84cf-9e3acc292491/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=92f4880d-dc2f-4ace-a46f-d9a0bf4fb400&tr=33&tt=17324434578282801&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                                                                                                            Host: ps.pndsn.com


Session ID | Source IP | Source Port | Destination IP | Destination Port
39 | 192.168.2.6 | 50349 | 13.232.67.199 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:19:31 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ec561522-6fb6-4012-8b4a-f77b6640fc9d&uuid=95fbc98a-3c27-44ae-84cf-9e3acc292491 HTTP/1.1
                                                                                                                                                                                                                                                                                                            Host: ps.pndsn.com
2024-11-24 10:19:31 UTC | 242 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                            Date: Sun, 24 Nov 2024 10:19:31 GMT
                                                                                                                                                                                                                                                                                                            Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                                                            Content-Length: 19
                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                            Access-Control-Expose-Headers: *
2024-11-24 10:19:31 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 35 37 31 36 38 35 36 35 30 33 5d
                                                                                                                                                                                                                                                                                                            Data Ascii: [17324435716856503]


                                                                                                                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                                                                                                                            Start time:05:15:14
                                                                                                                                                                                                                                                                                                            Start date:24/11/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                            Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\registration.msi"
                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7d0c90000
                                                                                                                                                                                                                                                                                                            File size:69'632 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                                                                                                                            Start time:05:15:14
                                                                                                                                                                                                                                                                                                            Start date:24/11/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
Commandline:C:\Windows\system32\msiexec.exe /V
Imagebase:0x7ff7d0c90000
File size:69'632 bytes
MD5 hash:E5DA170027542E25EDE42FC54C929077
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:3
Start time:05:15:15
Start date:24/11/2024
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 3D043D01D69573A731BD32BF0EBA042E
Imagebase:0x740000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:05:15:15
Start date:24/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSIC4F9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4310406 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Imagebase:0x2d0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000003.2279701962.0000000004C02000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:5
Start time:05:15:16
Start date:24/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSICAE6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4311812 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Imagebase:0x2d0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000003.2291421210.0000000004400000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000002.2341611865.00000000047E4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000002.2341611865.0000000004741000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:6
Start time:05:15:22
Start date:24/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSIE1CA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4317703 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
Imagebase:0x2d0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000006.00000003.2350193018.0000000004B8F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:7
Start time:05:15:23
Start date:24/11/2024
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding ED6036EDFA306B6AD29B763B80D7974F E Global\MSI0000
Imagebase:0x740000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:05:15:23
Start date:24/11/2024
Path:C:\Windows\SysWOW64\net.exe
Wow64 process (32bit):true
Commandline:"NET" STOP AteraAgent
Imagebase:0x850000
File size:47'104 bytes
MD5 hash:31890A7DE89936F922D44D677F681A7F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:05:15:23
Start date:24/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:05:15:23
Start date:24/11/2024
Path:C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\net1 STOP AteraAgent
Imagebase:0x640000
File size:139'776 bytes
MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:05:15:24
Start date:24/11/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:"TaskKill.exe" /f /im AteraAgent.exe
Imagebase:0xa70000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:12
Start time:05:15:24
Start date:24/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:05:15:24
Start date:24/11/2024
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="1vf5mpi5iyis@upsnab.net" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Kh41eIAB" /AgentId="95fbc98a-3c27-44ae-84cf-9e3acc292491"
Imagebase:0x1d0b8ff0000
File size:145'968 bytes
MD5 hash:477293F80461713D51A98A24023D45E8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                                                                                            • Detection: 26%, ReversingLabs
                                                                                                                                                                                                                                                                                                            Has exited:true

Target ID:15
Start time:05:15:29
Start date:24/11/2024
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Imagebase:0x25e6d7b0000
File size:145'968 bytes
MD5 hash:477293F80461713D51A98A24023D45E8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4733388042.000000D20C6F5000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4747454234.0000025E6D89F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4751349828.0000025E6ED9A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4739839137.0000025E00566000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4748574493.0000025E6DA90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4751349828.0000025E6EE6A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4739839137.0000025E0006B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4739839137.0000025E007B7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4747454234.0000025E6D860000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4747454234.0000025E6D8EA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4748462349.0000025E6D960000.00000004.00000020.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4739839137.0000025E00242000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4751349828.0000025E6EDB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4747454234.0000025E6D8BF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4739839137.0000025E004C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000F.00000002.4739839137.0000025E00001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:false

Target ID:16
Start time:05:15:30
Start date:24/11/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Imagebase:0x7ff6d3040000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:05:15:30
Start date:24/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:05:15:30
Start date:24/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSIFFD7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4325359 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
Imagebase:0x2d0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000012.00000003.2427395376.00000000046FC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000012.00000002.2483405814.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000012.00000002.2483405814.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:20
Start time:05:15:46
Start date:24/11/2024
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "e8d80795-1e07-47b3-9c87-186f671b6a15" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
Imagebase:0x1fe48960000
File size:177'704 bytes
MD5 hash:FD9DF72620BCA7C4D48BC105C89DFFD2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2619260815.000001FE49192000.00000002.00000001.01000000.00000018.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2618394426.000001FE48A20000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2619094670.000001FE48CD0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2621254823.000001FE61AB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2619394288.000001FE492A3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2618394426.000001FE48A60000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000000.2580452917.000001FE48962000.00000002.00000001.01000000.00000016.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2619394288.000001FE492B3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2618394426.000001FE48A66000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2618394426.000001FE48AAC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2619394288.000001FE49231000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                                            Has exited:true

Target ID:21
Start time:05:15:46
Start date:24/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:05:15:46
Start date:24/11/2024
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "84e6126d-3464-4d76-9c19-0160eafb16a0" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
Imagebase:0x2a865b40000
File size:177'704 bytes
MD5 hash:FD9DF72620BCA7C4D48BC105C89DFFD2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2622426383.000002A87ED50000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2619167947.000002A865C98000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2621291158.000002A866713000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2619167947.000002A865C90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2621291158.000002A866703000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2620139095.000002A866020000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2622805844.000002A87EE13000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2619259032.000002A865CCC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2621291158.000002A8666D7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2619259032.000002A865D13000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2621291158.000002A86674F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2619259032.000002A865CE0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2621291158.000002A866691000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2619259032.000002A865CAB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:23
Start time:05:15:46
Start date:24/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:05:17:23
Start date:24/11/2024
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "e3e24934-4319-48e9-bf87-d4583f7e9574" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
Imagebase:0x140bf0d0000
File size:177'704 bytes
MD5 hash:FD9DF72620BCA7C4D48BC105C89DFFD2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3591613381.00000140BF2C9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3591758846.00000140BF2DB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3592387002.00000140BF5B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3591758846.00000140BF30D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3592707390.00000140BFBE3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3592707390.00000140BFBF3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3591758846.00000140BF2FD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3591613381.00000140BF2C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3592707390.00000140BFBB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3591758846.00000140BF346000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3592707390.00000140BFC2F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3592707390.00000140BFB71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Has exited:true

Target ID:25
Start time:05:17:23
Start date:24/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:05:17:43
Start date:24/11/2024
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "bafe3b2c-3bd0-4df3-abe5-6f6b048de27b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
Imagebase:0x1ad7ab80000
File size:177'704 bytes
MD5 hash:FD9DF72620BCA7C4D48BC105C89DFFD2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.3791226568.000001AD7AC9D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.3789368598.000001AD00047000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.3791226568.000001AD7AC69000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.3792603364.000001AD7AF60000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.3789368598.000001AD000BF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.3791226568.000001AD7AC9F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.3789368598.000001AD00001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.3791226568.000001AD7AC60000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.3789368598.000001AD00073000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.3791226568.000001AD7ACE6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.3789368598.000001AD00083000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:27
Start time:05:17:43
Start date:24/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:05:18:02
Start date:24/11/2024
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95fbc98a-3c27-44ae-84cf-9e3acc292491 "5da68ded-3041-4a37-bb29-975445cce246" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Kh41eIAB
Imagebase:0x1bb80f90000
File size:177'704 bytes
MD5 hash:FD9DF72620BCA7C4D48BC105C89DFFD2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.3978282360.000001BB81170000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.3980162683.000001BB81821000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.3980162683.000001BB81893000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.3980162683.000001BB818A3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.3978282360.000001BB811B5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.3978282360.000001BB811F5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.3979649317.000001BB81380000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.3980162683.000001BB818DF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.3978282360.000001BB811AD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.3978282360.000001BB81179000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.3980162683.000001BB81867000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.3989509307.000001BB9A15A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            Target ID:29
                                                                                                                                                                                                                                                                                                            Start time:05:18:02
                                                                                                                                                                                                                                                                                                            Start date:24/11/2024
                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                            Reset < >
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: a07695d0a1fd434dc0e8de517876ae9aa835ad7d0f4b95c11305d54bb5cdc8e3
                                                                                                                                                                                                                                                                                                              • Instruction ID: e595d9f4094da31b9fe556c3833762af18dc8a90621b0d107bd20275df17c475
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a07695d0a1fd434dc0e8de517876ae9aa835ad7d0f4b95c11305d54bb5cdc8e3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66E0EDB0C182058F8791EFB884111AABFF1FA1A200B2082AEC488C6250E33682078B42
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: f2048a2f157d424b012b0b2f4a862bb8118c34fd2e7bf8fb63d07e80b9a49ea9
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2cde24af7d9f3e749a64f5bb8b59274041fb14ed6163f0a99d8a47e2ef59cb25
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2048a2f157d424b012b0b2f4a862bb8118c34fd2e7bf8fb63d07e80b9a49ea9
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3771C2B5B00218DFDB189BB5C8646AEB7B7AFC9310F158069E506EB3E0DF349C528B41
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: a14f3e9a424602709b8e8863cefaf571aac596b969b9b0a8280532676ac71853
                                                                                                                                                                                                                                                                                                              • Instruction ID: f5c9503793f4ae8ab7fbd54fb225849149d2ccc1633f06c9a2f4a3fc85981827
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a14f3e9a424602709b8e8863cefaf571aac596b969b9b0a8280532676ac71853
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4851BEB5B05202CFCB21CF68D894AEABBF1FF49214B1581A6E518DB6A2D731DC45CB81
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 58fcc0c1b329ba5c31cafc6893ad356fc87471d3bddaa45278b2397ce49d23b3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 08ec9a350287036b553c528ff501488899b5e79c9b87e755c0d91b4605379ae5
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58fcc0c1b329ba5c31cafc6893ad356fc87471d3bddaa45278b2397ce49d23b3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8351D175B002499FD725DF78D8606EEBBF6EFC9350B14816AE404D7395DB309D028B91
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: be81937c5dcbb5b88b1a37d28ee400d52524ae3f685adf7eeb423c58aef89e15
                                                                                                                                                                                                                                                                                                              • Instruction ID: d7ebf242d38c80aa17bb4b2258f58d558e7b7294af9d67dba7867429fb80077c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: be81937c5dcbb5b88b1a37d28ee400d52524ae3f685adf7eeb423c58aef89e15
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F241FAB1B401056BE728A67594647EE7BA79FC9610F54842DE906AB3C0CF359C0687A1
Memory Dump Source
• Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: c9bdae02f16faeaa838c148ec174cf76a7372893e66b27f396d5b89120f540e4
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1498355fa8f3feb88d5da3f00b344bf7fe81bedb316f0a7bcbbd03c65d7513b4
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9bdae02f16faeaa838c148ec174cf76a7372893e66b27f396d5b89120f540e4
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A314CB17083545FD73A1A7554643FE3F9BAFCA610F4484AAD841DB2C2DF789C4983A2
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9f22043222bc8c3ba64a45e07fa56ce6be3869b49a3f1c838612db710ba54e44
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2e53849963797abd99df305f636b091c36256b5f50c9ff4552e0d800647fce1a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9f22043222bc8c3ba64a45e07fa56ce6be3869b49a3f1c838612db710ba54e44
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B310671708389ABD72A577994753FF3FB29F8A210F19449AD441EB2C2CF254C0583A2
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7156d98ab318cf1a7733f167f347379bc6f9fc9e78627df25dbb6f0f8a7a7e15
                                                                                                                                                                                                                                                                                                              • Instruction ID: 435925e12496efb9b494c52cfd9da6ddc27b62a4fdaef9b2e7d1c767daa4dd6b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7156d98ab318cf1a7733f167f347379bc6f9fc9e78627df25dbb6f0f8a7a7e15
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F741F479B102189FCB54DF69D88499EBBB2FF8C710B14816AE905EB360DB31DC45CB90
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7f5bf9f126c2ef6d4a30f00630e953d60930b7c46d58bbf0c65a396bf9b39db3
                                                                                                                                                                                                                                                                                                              • Instruction ID: c8fa22ef0a907a205baadfb67baf796385d9a36f05dd773371c6f223f692df79
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f5bf9f126c2ef6d4a30f00630e953d60930b7c46d58bbf0c65a396bf9b39db3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40213BB27093950BDB375A3554507FA7F9A6F8AA50F0844AAE840C72C2DF789D0D83B2
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 14f5a6bc4fbd1b259ba7169a2b0cc4cf55a377b743c5ae938fd1d989f625e7f3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6b05bc91d475cb30b4cef37ff151d07c5eb1fe529b36b2ab67e5da3520d7e461
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14f5a6bc4fbd1b259ba7169a2b0cc4cf55a377b743c5ae938fd1d989f625e7f3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50218E7565536A6FC322267424253FA3F58DF47261F1544A3FA489A1D1CB34C89EC3E2
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 6c5ab2dffadcfdbf4e7133b2c56acfb2b56327421a6a9431a094b5f8e13b74d2
                                                                                                                                                                                                                                                                                                              • Instruction ID: fcf4c9de3f5283ed095d8e4489a0b5f6fef3f49111986f10c787e729529d8c27
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6c5ab2dffadcfdbf4e7133b2c56acfb2b56327421a6a9431a094b5f8e13b74d2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79214BB2B04258EBCB159B7988706EE7FA6DFC9250F15406AD505CB3C1EF31891A8791
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 751aa8d45ee006f46a4528cf56b43275d921452c5fd501f3fe5cb768c104ed6b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6cba2d8658e0c40f04dc0d3c087529d30613c6fec3ccd634fab8ddb6662b4be3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 751aa8d45ee006f46a4528cf56b43275d921452c5fd501f3fe5cb768c104ed6b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E72117B9A102189FCB54DF79D8849DEBBB1FF8D720F10816AE805EB360DB319941CB90
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2288265365.0000000004BCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BCD000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4bcd000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fedebb87a8b2baa1f609a6f0d2b5b5d3b6b6da9ec21043ffd233279bc208b311
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0AF0B436B140D54BCB0D8B78E0681FDBFB29FC9210F24816ED88267280EF35591ECB50
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9a16cdbd7c33cb81987cb6ce45dd06c116de00c6c6c2035c9ae627634a1d89f4
                                                                                                                                                                                                                                                                                                              • Instruction ID: bb932c73e431edd56ce9e22e585c14a0ed09171630f2ec106fb91fbcd7e44ce8
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a16cdbd7c33cb81987cb6ce45dd06c116de00c6c6c2035c9ae627634a1d89f4
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1E012B171431A56EF3A296956107E626CE6B8D754F000839D941876C1DFF4E94D03E3
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d2b9b427785f66035df274476887e17cff07fbf023a158e418cf7ad7744ae23c
                                                                                                                                                                                                                                                                                                              • Instruction ID: a22a9d0d82e861c1e09bb57c078bf22731972f35f7fef9e894939ebd6f99373d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2b9b427785f66035df274476887e17cff07fbf023a158e418cf7ad7744ae23c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09E0E536B101544BCB189668E4684FDB7B6EBC8210F11803AD802B3380EF301D0DCB90
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 41038bbcea6cdd9c63d35a095945dd5573b13382d540217d4d876b4e932c5b3b
                                                                                                                                                                                                                                                                                                              • Instruction ID: b3b70bcff2a193f16dce25a38d9ee84165c064e21dab9deaff450cd6a20c0e76
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 41038bbcea6cdd9c63d35a095945dd5573b13382d540217d4d876b4e932c5b3b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03E0C23A1282846FC3025B39B8124E57FB99B5A0603080097F480877A2DE615C55C7E1
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3f42250319a5b79a8ad8f6e24f535826ac8fa6c14b10f48c644cc1a53ce5cdee
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3819c0aae5d4ea49d76e43feeb507358f9c82accdd4b82a7665d1f600306381f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f42250319a5b79a8ad8f6e24f535826ac8fa6c14b10f48c644cc1a53ce5cdee
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2FE08C720092804EC306A778FC266D43F61DE4350030AE8DBE2809F552EF10588A83D2
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: c4c321f11e5f5b205131c5d495c0da38ced384386ef304a27843b81d1f3a0fc7
                                                                                                                                                                                                                                                                                                              • Instruction ID: b8e258fc66c8138f39e1e031ce2fe5269c045690f2675a0d27a9e1b5b609f2d7
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c4c321f11e5f5b205131c5d495c0da38ced384386ef304a27843b81d1f3a0fc7
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08E017B4D00209DF8794EFBD85015AABBF5BB49604F1085AED84CD7340FB329A02CF92
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5a8ccffc62f65abf10a68b90d1c9b2d519c6bec4e533dc81d5dfc60734e7ccc5
                                                                                                                                                                                                                                                                                                              • Instruction ID: 069c0cf09405b98d41ce52d433a56cb74c688d2e27693f2a5f23dcf5ae5ee968
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a8ccffc62f65abf10a68b90d1c9b2d519c6bec4e533dc81d5dfc60734e7ccc5
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5DD0A77622011CAB46146A1DE86A9EA7BA9EB893A07504427F90183360DF606C118796
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000003.2287526734.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_3_71b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: a67363edb68e3c32feb2cb13f0d03acd2c36f4afc1d37dea27453abd5c8e308a
                                                                                                                                                                                                                                                                                                              • Instruction ID: 96ae5b96064181fc4929b9e4f73ee669ef76652046af53a06d5ddd3d15e43c7c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a67363edb68e3c32feb2cb13f0d03acd2c36f4afc1d37dea27453abd5c8e308a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5CD0123600D3C14FC7038B705C524D1BF32AE1331974902DBE08485453C22945D9C7B1
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2338014665.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_6a90000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: l;2q$?2q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2236465066
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: d
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: |72q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3959105270
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • KiUserExceptionDispatcher.NTDLL ref: 06A99FF8
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2338014665.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_6a90000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 6842923-0
                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                              • KiUserExceptionDispatcher.NTDLL ref: 06A99FF8
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2338014665.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_6a90000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID: 6842923-0
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: L<2q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-394604982
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: |72q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3959105270
                                                                                                                                                                                                                                                                                                              • Opcode ID: 712126453b7348b2ddb0ac8d653518187e122157b003613f0affb22b0f90b683
                                                                                                                                                                                                                                                                                                              • Instruction ID: 05fffd75ca1c0b512583c5f0641a55d17bcf66932b575c055dd9775956702124
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 712126453b7348b2ddb0ac8d653518187e122157b003613f0affb22b0f90b683
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31518E70B002068FDB05DF69D5949AEBBF2FF89310B15C569E5069B3A1EB30ED05CB91
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: T;2q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2271696963
                                                                                                                                                                                                                                                                                                              • Opcode ID: 423dd17f4528cfcdc08c85be5fae51eda747e00e8dc92b16146708bc66b9f5b6
                                                                                                                                                                                                                                                                                                              • Instruction ID: e552640d36fd740ee86737be56ba3202c7253224abad93b00edc5ac844cd03e6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 423dd17f4528cfcdc08c85be5fae51eda747e00e8dc92b16146708bc66b9f5b6
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A31E039B002158FEB089A7ED4549AEBBA6FFC96147144039E947CB350EF31EC068B91
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: L<2q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-394604982
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2ddbf4ed029cd80d7d524e15072cc08c8714a1f60cf52015cbc8795e9f84a7dc
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2325d27d74d5f27b2b16b43015f7a4eb9168b5a6f86ec580e5f2142777231fea
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ddbf4ed029cd80d7d524e15072cc08c8714a1f60cf52015cbc8795e9f84a7dc
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E416B39B001158FCB149FB9D4546AEBBF6FFD8600B24842DD446EB390EF75AC068BA1
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: T;2q
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2271696963
                                                                                                                                                                                                                                                                                                              • Opcode ID: e63e8f0af62e6dfbf8004093a5ec3ac185f99c7747d2600df86325eae68c56b9
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9bff971040d46d85041a1d6bebd00e222128e16c9cca6d55077660ca79b65371
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e63e8f0af62e6dfbf8004093a5ec3ac185f99c7747d2600df86325eae68c56b9
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3F0E0393052501FC705162D945445ABBFBBFCA510359006AE555CB376ED56AC074772
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: ed2cfe116de84d829a59ce9770c3ee7d769066d92d0039b85db36d07c66421a8
                                                                                                                                                                                                                                                                                                              • Instruction ID: bc5b19b352b4b44c55a413f42125515095f4ae6367c081dd601072f952ead029
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed2cfe116de84d829a59ce9770c3ee7d769066d92d0039b85db36d07c66421a8
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9AA2D534901218DFDB259FA5C854AEEBBB2FF49300F1055EAD60A6B350EB359E85CF81
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 58e1b4cd70873aa77f22081f0a8ab0dfdbf19903595bd9b70d70af3c1613eaf2
                                                                                                                                                                                                                                                                                                              • Instruction ID: 72610cb55e37bb085223e339d2002cde8306b25763000b3e10ef9278ee301a95
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58e1b4cd70873aa77f22081f0a8ab0dfdbf19903595bd9b70d70af3c1613eaf2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8192B334900218DFDB259FA5C854AEEBBB2FF49300F1055EAD60A6B350EB359E85DF81
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 13ba95c8dc92831c09d01c6228e579d65530f01d861887d38033e56f99335040
                                                                                                                                                                                                                                                                                                              • Instruction ID: f1c21ddbec0d154ecab63c2d499972a5e88c663c80c0dc376f041734dd970af4
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13ba95c8dc92831c09d01c6228e579d65530f01d861887d38033e56f99335040
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9CF15B74A003598FDB05DFA9C884A9DBBF2FF99300F148199D809AB365EB74ED49CB50
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3f4dcbcee54a9d72b0434d7e05f6dd8ee552cc070e9d741c6a19c8194b8fd51e
                                                                                                                                                                                                                                                                                                              • Instruction ID: 40e8d3e6e39cb61a30c4b5644b545b4033d0fcf8dbc2f0025be53d5450ecb258
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f4dcbcee54a9d72b0434d7e05f6dd8ee552cc070e9d741c6a19c8194b8fd51e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D5106747105018FDB099FAAD59892A77E6AFDA71132980A9E107DB371FF71EC02DB40
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 03096cb5e28237a128091938bad072d63912fda7a0f63df27465485d9aabb61f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4ebc86b709ebc6b58a52e45843c815f864f0733965d9381faff2addc5d9f5a7b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 03096cb5e28237a128091938bad072d63912fda7a0f63df27465485d9aabb61f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E51A17650A3E18FD7039B389DA55D57F31EF53218B0980D7D581CF2A3EA24A90BC7A2
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2a8df4add1d9ee5a6aed23808545e05b7642c5ca55d9a32985442b79cdd89921
                                                                                                                                                                                                                                                                                                              • Instruction ID: 37172e5ad378099a33f42217546725841fd5628e8331783b36146f5e9cb1ea05
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a8df4add1d9ee5a6aed23808545e05b7642c5ca55d9a32985442b79cdd89921
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4151B26190E3959FD703DF7898A11DD7F71EF47208B0541DBC181EB2A3EA24AA0BC792
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 09902aa3536fc3879ec0cd26a2807ed3fa95c9d347c58c080d2735411ea2e204
                                                                                                                                                                                                                                                                                                              • Instruction ID: 0d5576ae208b3051ce8cc36109a2dba741964801872670f8a06945ad6b96d6cf
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 09902aa3536fc3879ec0cd26a2807ed3fa95c9d347c58c080d2735411ea2e204
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61512E75A00219EBEB04EFE5E8646ADBBB2FF88308F008019D6126B351EF356D41DF61
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: a3f571200bcf3f72e7134cd9cc6f69c53755cc6d5e818f0dd5b94d3ce6482b15
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9a91ae8426c10e8346d107170b2a2b16672205d9e2b45bbdf9ea6646ed6c452d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3f571200bcf3f72e7134cd9cc6f69c53755cc6d5e818f0dd5b94d3ce6482b15
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5851AE35B012488FDB14DF78D8506EEBBF6AFCA350B14817AE516D7365EA30AD12CB90
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 623186a6d5ec63be84830343ff27887daed70cfb0cacf42586e1ca408c0b54ef
                                                                                                                                                                                                                                                                                                              • Instruction ID: 964803993c7d08a9078ad9dd68567b2936de1d141ddc480510261826ab42fc9a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 623186a6d5ec63be84830343ff27887daed70cfb0cacf42586e1ca408c0b54ef
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9141E5B560A3918FD7029B38ECA55D57F71EF53214B0980D7D541CB2A3EA34AD07C7A2
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: c85907005c41927dcd4e61ef9549d834585d7660531375f4b1522e7a2b868b56
                                                                                                                                                                                                                                                                                                              • Instruction ID: d63a99711c52ae1a48b006eec0fb50c46a21320cd2c5c7bd89c9a3c7d27fea55
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c85907005c41927dcd4e61ef9549d834585d7660531375f4b1522e7a2b868b56
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C931806550E3C08FD302DB3598696547FB19F93204B1D80EFC486CF693EA19A94BD363
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9bb85d96cfa7ad633fe08f3b0423f9bd921808fafaeeb868ff7da26d13cc338b
                                                                                                                                                                                                                                                                                                              • Instruction ID: e9b16a821ed3f7588892d2ac3dfa92959a6979e8481c9faa5fd6337eb754a540
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9bb85d96cfa7ad633fe08f3b0423f9bd921808fafaeeb868ff7da26d13cc338b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C416C74B102159FDB14DFB9D854AAEBBB2FF88604B108429D812EB350EF75AC06CF91
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 89f53d3281af4e91e4974ab92fdff3c303f5f25a221faebbc8d2cfc6b5462995
                                                                                                                                                                                                                                                                                                              • Instruction ID: a748747f051d5176f70e664edfd8b289e8b6bb0586019cc20eef6b90809d6000
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 89f53d3281af4e91e4974ab92fdff3c303f5f25a221faebbc8d2cfc6b5462995
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9416C74B102159FDB14DFA9D854AAEBBF2FF98604B108429D812EB350EF75AC05CF91
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3eb7ecf8f21209eb15a3a78617c697cc3f38126d0e30de1a807b098b77393ac2
                                                                                                                                                                                                                                                                                                              • Instruction ID: ca7597f020412f7f6396afd872a8c51726e8b2c3d3c39e0f0c6d47aa3f9d64c5
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3eb7ecf8f21209eb15a3a78617c697cc3f38126d0e30de1a807b098b77393ac2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54416875B006058FDB14DF69C480A6ABBF2FF89314B158969D45AAB361EB30FC41CB90
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: b797ea84494be990640d81b40c1d009eb8dcb0bb951cad66aeab7469b112e005
                                                                                                                                                                                                                                                                                                              • Instruction ID: d297ba6e1c015ec0442b07024fd2a12723a38c0aae35f5c377afa937d6aa0bc3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b797ea84494be990640d81b40c1d009eb8dcb0bb951cad66aeab7469b112e005
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3418A75B016048FDB14DF69C080A6EBBF2FF99314B158959D45AAB351EB34F842CB50
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 74ae703a2b90908c5bdecc98e5f75931669be9fbdd032438aa4fbab33df79092
                                                                                                                                                                                                                                                                                                              • Instruction ID: e5259c36fea8b59bd361627091bcfb78ba1b3674a1bef2adaf9bafbfd7aebc7b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 74ae703a2b90908c5bdecc98e5f75931669be9fbdd032438aa4fbab33df79092
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC41E7317042558FCB15DF39E8549AEBFF6EF8A204B04446EE146CB362EA34ED06C751
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 29f57164b0309c2b8799b10d76bfd44a4080590d2fc5f0c5eb21f453c8d6580e
                                                                                                                                                                                                                                                                                                              • Instruction ID: 069b8e61523fc12649fa8502dd015a7ed8ac861b1c57e82357f290d271ece0b5
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29f57164b0309c2b8799b10d76bfd44a4080590d2fc5f0c5eb21f453c8d6580e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC414A39E002598FCB14CFA9D58499DBBF2FF89300F258159E806AB365EB71ED46CB40
Memory Dump Source
• Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 69aa48aaeb63a4babfb947059d982379172923815dd15a0893a20a5f90fb0c79
                                                                                                                                                                                                                                                                                                              • Instruction ID: c9b18ca98f8ddd6a3e08409ace1ed5cef9f232239dd499198fdf26ceac0af614
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 69aa48aaeb63a4babfb947059d982379172923815dd15a0893a20a5f90fb0c79
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51218B71B00255AFEB18DE24D945B7E7BAABF84608F00842EE80BD7395FF35A9418754
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: f29260252c389595665e8110ad368ca3bda5b33b0c93726a0cf2a3b97b7ceaa7
                                                                                                                                                                                                                                                                                                              • Instruction ID: 92503e828064ca86dde982aafbee9e2b797336c6637e264ef39489f3c07f59cd
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f29260252c389595665e8110ad368ca3bda5b33b0c93726a0cf2a3b97b7ceaa7
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7121AC39B00219CFEB149F75E855AAA7BA6EB85B15F10C066E906C7341FF31AC42CB90
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.2339487702.00000000043CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 043CD000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_43cd000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 871e884dab82a9c03fd6ab7e8c94798e9bbed830332508089845c614bd7ef75b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 22d54322088229b7cca71c636620e3f6011e9501b53851b3a7ce1a03ccd75135
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 871e884dab82a9c03fd6ab7e8c94798e9bbed830332508089845c614bd7ef75b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 992125B6644244EFDB05DF14D9C0F26BF65FB84324F20857DE9090B646C336E856CBA2
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d50b5002e76ab5c938ef27d37e296c8544933f97b9fcfc5ea6951f24b6a8eec6
                                                                                                                                                                                                                                                                                                              • Instruction ID: 5fab1000a5e64ae96727cf69fd8ee4a09f3aad4cb202d604985d9ccd456a0b71
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d50b5002e76ab5c938ef27d37e296c8544933f97b9fcfc5ea6951f24b6a8eec6
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 551190753042118F9714DE2DD890A6BB7DAEFD9620318813ED94ACB345FE70FC018790
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 62acefeb66e5545118ce9a49877c595b40cb646c17a00d1f60e50dcfb9ce3350
                                                                                                                                                                                                                                                                                                              • Instruction ID: e00fdb8fca22070090594778f44e17c054ed0b47f4b5e0d7b9efe05c41761962
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62acefeb66e5545118ce9a49877c595b40cb646c17a00d1f60e50dcfb9ce3350
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 971151357042018F9B149AAEA49499AB7DAEFD9264718802BF50EC7759EE71EC014391
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: decfe9a2631d646c1bae6f109557b91250543986fe6aa9509e78e306ea06382d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6fcf6f58302323ebf1fba9fc8177cac0c2be17567dd9743a712afb4b5a4452ca
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: decfe9a2631d646c1bae6f109557b91250543986fe6aa9509e78e306ea06382d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C115EA680E3D55FD7039B74ADA11C93F70AD2314870A40E7C581CB1B3EA149A0BC791
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2c740d21a6cc56ea9bd935d6287acc09e0cbebfb09d2c2666481544f47be29fa
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3fd4bc54ef1a2921237e52028f2aa1eec78ef63783c2114317caeb72f90bdd41
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2c740d21a6cc56ea9bd935d6287acc09e0cbebfb09d2c2666481544f47be29fa
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 42215E34B101189FDB089F69D455AAEBBF6FF88614F24801DE502AB390EEB1AC018F91
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.2339487702.00000000043CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 043CD000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_43cd000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3ffd99d9148181627ee838eaeb1b4c9f99688e801307f93cc204ac647268847d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 543dcfc8aff2fa1c2ade02f61deaea480f04afa6e6af111a3a54f4bba0e6cc20
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ffd99d9148181627ee838eaeb1b4c9f99688e801307f93cc204ac647268847d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D111D3B6544284DFCB16CF10D9C4B16BF71FB84314F24C6ADE8494B656C33AE85ACBA2
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: a63d7456a5be1a22337d1bbe393715e4d5241fdaf00edfee91851eebdab83426
                                                                                                                                                                                                                                                                                                              • Instruction ID: ce7a546ac0ec1c4d0b4ba74a932262fc5496468672e81c8267bb4c0bdfa1f60f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a63d7456a5be1a22337d1bbe393715e4d5241fdaf00edfee91851eebdab83426
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7721F0B0D00249CEDB20DFAAC481AEEFBF0FF89310F14852AD959A7240C7356905CFA1
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4dfc60b4bc7f2a4530f764429f2d05b35dbab4d85096f4714b745c9934a01703
                                                                                                                                                                                                                                                                                                              • Instruction ID: fdb52891a293dff11830612819a9958fd10b7e34fb5efa4c158126c3a1331f89
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4dfc60b4bc7f2a4530f764429f2d05b35dbab4d85096f4714b745c9934a01703
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A11E3B0D042499FDB10DFAAC881AEEFBF4FF89710F108419D55967240C7756905CFA5
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 31019ad63798dee7aee085481d9cb75dad169eebac842d8d034102103978d8f7
                                                                                                                                                                                                                                                                                                              • Instruction ID: b836fd3b06e0d96743f7aafb690aee7b06ce27574d8d5bb242a5377e00f44213
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31019ad63798dee7aee085481d9cb75dad169eebac842d8d034102103978d8f7
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D116035600614BFD724CF54D954AA9BBB6EF8C320F145019E50BA7380EF7A5C45CB94
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 37104d26b86727e238f9d3f4e5dbd630e0f2abfe658cdd2e28ee6427c5d3430d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3d05345edbbced2f9a8e34215832420f67a7c2201c8c49ebf9a3f9c671b9a305
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 37104d26b86727e238f9d3f4e5dbd630e0f2abfe658cdd2e28ee6427c5d3430d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F01D834A093856FCB25DF74A9752653FF5DEC321070508AADA0BCF251FA259C08C7D2
Memory Dump Source
• Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000005.00000002.2339487702.00000000043CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 043CD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_43cd000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5b1f358804a4cce6bbc2149c310ba5ec6f06a47b2abb621506dcb667da755a6e
                                                                                                                                                                                                                                                                                                              • Instruction ID: 81eb50b2d60b4db6d4ee87870deb53535b8bcf41b43a074ebde016c67f45c68b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b1f358804a4cce6bbc2149c310ba5ec6f06a47b2abb621506dcb667da755a6e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 660152B4D01209EFEB44EFB8E55159C7FF5EF45204B0091A9D505AB351EB30AF099B51
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: b9a7c4ac4c103f0b759af4cb949229857a0ab22e75a673832d52ee8128ab0686
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9085fdb773e60630d4b6fcbf30c54a1dc261720e29e1ce2e6c3a31abf33d31ca
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b9a7c4ac4c103f0b759af4cb949229857a0ab22e75a673832d52ee8128ab0686
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B0012879A01505EFDB10CF68EA9066DF7E6FB89325B608639C4179B344E731E849CB80
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d3296c2d1bf4fa56e932d8f945c1b003a2eb36a3d85fd746327ece004b38e99c
                                                                                                                                                                                                                                                                                                              • Instruction ID: c41ee9650b322a630213d7aba44ecc4c30ee20005623ba5923862a19ec8b252c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d3296c2d1bf4fa56e932d8f945c1b003a2eb36a3d85fd746327ece004b38e99c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E501F43AB102218BE7159A68E8503BE7763FBC4214F14C01AD6067B340FF71BC068BC1
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: b65522d9017a45eab32bc633e50563b87ebb0507db830f7ade4ba4302c1b2355
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4d6d30ef08b63463e96f56d8174ab07796a2ee6f41298db26e31766243afbbdb
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b65522d9017a45eab32bc633e50563b87ebb0507db830f7ade4ba4302c1b2355
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DEF0223BB102214BE7159A68E8103BD3363FBD4220F14C02AD606AB340FF71BC068BD1
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 68e38212792a8ea13276087f04b8cc44c4bb32a159f89c29aa20290f1222d2f4
                                                                                                                                                                                                                                                                                                              • Instruction ID: a0115a2cdb11a82bba7d8fae191295c410d5addc9f45e281eb37dd88d4e03fae
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68e38212792a8ea13276087f04b8cc44c4bb32a159f89c29aa20290f1222d2f4
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 12F0CD363086114FD7048E19A89092BBBB9EBC9A9430101AAE109CB3A2EE71DC02C790
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0bc93a373744cc60a0dc846120f64efe91881443dfa4359efd25485713127dc1
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6f0c4bac0becd8a8c74607400c2c97520b020216ac063690fe31496b4bba378f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0bc93a373744cc60a0dc846120f64efe91881443dfa4359efd25485713127dc1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47F027B6B042015F97188B9E6890997BBEEEFDA624305806FF10EC7316FE70DC0247A0
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0cff59a9985756629238e594560ecb8cb3e8c7f132d9ba49d9fef51fc125f7b8
                                                                                                                                                                                                                                                                                                              • Instruction ID: ad58a60a83e4f8c57a80670610ce945fa3f520ec5365341c8210c004b2329713
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0cff59a9985756629238e594560ecb8cb3e8c7f132d9ba49d9fef51fc125f7b8
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99F0A431200304ABF314ABBAE45467E7AD6EFC1218780852CD10B9B240EFB1BC094BA1
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              • Instruction ID: c97347207483aed091ea2ab2182e271b9f03212f3d5817b6859a47ea81a479b4
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d4695f034861e468e8c8164cb29d6ddbeedabd7c0c538ed04b32042cab8bea19
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72F02231104B908FC325DFA9E404696BBF0FF82308B00582DC0CA4B662EBF1BA09C741
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: cbe16249eb78c79dda84da5c6e0c1849eaa05f17eaddc0e983536de13f2e09cb
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4095f3fbee16615e7953e4b70cbe953c42cfd57f254b7beec239162a8a0be13f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cbe16249eb78c79dda84da5c6e0c1849eaa05f17eaddc0e983536de13f2e09cb
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DCF0BE313003018FE710EB38E8629A93BE9EFCA254305446EE54ACF322EF20ED06D790
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9dfa6ac31923448f387a48405ebb688441fd1c6092b5f0af4f8d899bb6ace0f1
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1e5e6c6267174cb8e09868c70c1df5fff32d821448553ad5407157ffb8824499
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9dfa6ac31923448f387a48405ebb688441fd1c6092b5f0af4f8d899bb6ace0f1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9F0F036A4E384BFE301AB78A465369BFACDB03205F0504EFD9469B153FA2898458785
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0f03c3d7f3359682e76d8e3bca7b011dd0713ed74237c55ea36862bcb4f26f4b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2e727e95843517f7f033842ff6b1be71696935990338aca6b5e43e0c44c16542
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f03c3d7f3359682e76d8e3bca7b011dd0713ed74237c55ea36862bcb4f26f4b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16F05E353082428FE7119F7DE8509AD7BE6EFCA3043094569E14ACB762EB20FC428B55
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 77d47d693ee79fd25b109ce9287ecf7c571bbc5e6fd15cc3a5122f7fea7e068b
                                                                                                                                                                                                                                                                                                              • Instruction ID: eea9d03c61fd395cda35d2f4242c132fb7f4f1b00ee5aac7bbb1a59150994b3f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 77d47d693ee79fd25b109ce9287ecf7c571bbc5e6fd15cc3a5122f7fea7e068b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4FF0E5353006168FD704DB7AD8044A6B7DBAF892A431495B5DA09C7710EE71DC42D7C0
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 973cee6344493c9b4a15ce03294c4cdd925c97196bcd380414571cb1d92bcf48
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2c0618e4855839f952ded5495a14d1692c992930eaa528e61d3108c28998f12e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 973cee6344493c9b4a15ce03294c4cdd925c97196bcd380414571cb1d92bcf48
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DFF06234A05286AFDB299FB495756693FAAEAC3310305047ECB07CF291FA259800C792
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: fe95229862cd487ca4e1bfa3b123c14f2a87c486f204eb109099086136972646
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7745f759edbd7d7ece4b8cc1dc26a0330bdd0a9afd895fbbbcfd00a75221b5a6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe95229862cd487ca4e1bfa3b123c14f2a87c486f204eb109099086136972646
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FDF0A0313052009FC7199E7AA985855BFB9EB8A62131580FAE50ACF3A2EA24CC069760
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
Memory Dump Source
• Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 570658a6a70ca1ee814faba6f55be82f53cc89f0952b0898a579b72f4d12dc77
                                                                                                                                                                                                                                                                                                              • Instruction ID: 068db94729a06570a963da5d2c14c148cf3b642a5dc14c440f311f86b46f39ff
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 570658a6a70ca1ee814faba6f55be82f53cc89f0952b0898a579b72f4d12dc77
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6E02B3230051017A215AA6EF42056F76DFEFC5264340847DD20E9B340EE20FC054799
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 31c9351639c18784381a91869d4981529531777319d03da5bf485d7bc5a460fb
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4c538ccc3e8c4b8cd284d1e67d2a07354d86c3c74f702fb12463fda2a4b3a63c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31c9351639c18784381a91869d4981529531777319d03da5bf485d7bc5a460fb
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 98F0A7207042440DFB245E34A55076A6FC94B42704F02006ECC83CAB96FF94E4918BE1
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 8af991cd85d8f821006c75d83f9b2ab8c7b00482b5ca62e46e69d5206c10dd79
                                                                                                                                                                                                                                                                                                              • Instruction ID: 32f54732c98614d3c236adae171b397c2a2d33dfa9f1b81643f18b7f730dfe2e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8af991cd85d8f821006c75d83f9b2ab8c7b00482b5ca62e46e69d5206c10dd79
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78F05874E09248AFCB15EFB8E4A159CBFF4EB45304F0080AAC4489B351EA345B0A8F81
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 15df90c25b4916dabf72fe39801a0949436db1b320e864a63080eece807840f2
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3177d8953acb73d4e3ae8c16d0689c0330d51d17fcc0576984e7aafc5e77d3b8
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 15df90c25b4916dabf72fe39801a0949436db1b320e864a63080eece807840f2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67F06D752042448FD311CF58E990C85BBE8FF6930470680AAE988CF363E721FE1ACB90
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 141266213a515a04e000f4ccf1b20b2a1e97ad3e88e07953b172f61dc2b6eb11
                                                                                                                                                                                                                                                                                                              • Instruction ID: 0f22db4bd3d7c85aa69393dd6214f732364624f5e7bad9b8b8a9ee80faf2b601
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 141266213a515a04e000f4ccf1b20b2a1e97ad3e88e07953b172f61dc2b6eb11
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DE020363052504B47051AAD78154F87FE5DFC3A11305405FE905CB3A2DF659E0663D3
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3fdf02b7f7e42e175e627c0ebdd465af5c885617e5c162239ed30c85a6ee33d9
                                                                                                                                                                                                                                                                                                              • Instruction ID: 69bbf4d41909dd5250e92e16dbba935bb7d808256ea3b1211a817b232bcc0482
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3fdf02b7f7e42e175e627c0ebdd465af5c885617e5c162239ed30c85a6ee33d9
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0E0DF3A3012468BD7068A709945492FFAAEF86250319D5E2DD488B362EF30D843D791
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 932e296cd802a477c9316e33f0b69d046c18cc6a64a8dbd18e1ea525acddaad3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 28fe0bb6d96d0ffb1dcd445d2fcedc1a2cafed136eca6692d98223d21a5d8329
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 932e296cd802a477c9316e33f0b69d046c18cc6a64a8dbd18e1ea525acddaad3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2FE022312013004BD305FB68F15559E7FEAFBC2358B00142ED8868B340EFB0BD028B91
Memory Dump Source
• Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 978ff8ed791616a00872e3a4d66369c3689f30a3d10b0b53b522410062fc3c2a
                                                                                                                                                                                                                                                                                                              • Instruction ID: 38d84541eed4810758bb26ef8c1f230769f309561d7c2e454ec958fef13c9cce
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 978ff8ed791616a00872e3a4d66369c3689f30a3d10b0b53b522410062fc3c2a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13E0B674E0420CEFCB44EFF9E45459DBBF5EB48300F0081AAD809E7350EA346A058F81
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 54047d2d5f55b018e1e7b1d27d6cf3006af40383190a088e30b28e21edd4bedc
                                                                                                                                                                                                                                                                                                              • Instruction ID: dce3732434d5a19c91560369d5073e520cf40deee8e6d9227853a7b0827c3a6f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 54047d2d5f55b018e1e7b1d27d6cf3006af40383190a088e30b28e21edd4bedc
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7ED0A7367111286B52106A18D8559AA7BA9EB85361350843BF90793320ED707C0197D9
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 1db88d2e92f0bd1c01866655a538d8b4696af8aaaeb48ba9e3be8eb84de3835b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 5c1729be992f3700535eae80a9bdd6f66a2296839c01b7cf005f597bd3d311e0
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1db88d2e92f0bd1c01866655a538d8b4696af8aaaeb48ba9e3be8eb84de3835b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9D02E3B3081808FC309DB20F0860993F63EB16200308806BE402C76B6CE310492C744
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 287a78a2ee0d62a7069b46403e788616f0ad6802efda0d699dbd7608dfbb0c60
                                                                                                                                                                                                                                                                                                              • Instruction ID: 536066fec99c3543c33baa892395c189afd99bd62d7744b1bff81acf8744cb2c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 287a78a2ee0d62a7069b46403e788616f0ad6802efda0d699dbd7608dfbb0c60
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4D01730A01109EB9B04DFB9E92159DBBFEEB49204B1081E9D809EB240EE316E009B91
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 46b71ec6ca11a7d63b8749941ee41b13bf231d94520594a1b6651e94ee6185f4
                                                                                                                                                                                                                                                                                                              • Instruction ID: 39f49f8c7cece155b22b63e1de67179cc75eec6a961ff8f38666c45c9e38f5a3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46b71ec6ca11a7d63b8749941ee41b13bf231d94520594a1b6651e94ee6185f4
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ADE01234A0564BDBDB14DFE1C5556AE7772FB04709F204415E403AA248EB76990ACF40
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 067ba3566af64fd1842b51fcc83946c8fc3df117b07087ff8871661e868dfbaf
                                                                                                                                                                                                                                                                                                              • Instruction ID: 74268b424de7efd3b94bc1f691a8ddc055e55dc191588ac38d4ab3fa6c836672
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 067ba3566af64fd1842b51fcc83946c8fc3df117b07087ff8871661e868dfbaf
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AED05E78911209DFDF00EFB4E91195DBBF9EB45200B20C6A6E408D3211EB315E01DFC0
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 49eb22cf1bba9b98fcb2cf2dbf77b1849636a9189133fa0a278c513ff23149c4
                                                                                                                                                                                                                                                                                                              • Instruction ID: 46ef5959481483a30f712e3f31f40ccbfd7e211ecc992b17efec2b5a47291e5d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49eb22cf1bba9b98fcb2cf2dbf77b1849636a9189133fa0a278c513ff23149c4
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74D012352053299B8A055A95D800855B72AAF9666932884ECD94D1B705DA33EC83CBD0
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000005.00000003.2337987673.0000000004660000.00000040.00000800.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_3_4660000_rundll32.jbxd
Memory Dump Source
• Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: \V{m$\V{m
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2571113180
                                                                                                                                                                                                                                                                                                              • Opcode ID: f8e724491766c4363a2944592011f1c0d159fa5434d9cfa5e380a7ac072a2403
                                                                                                                                                                                                                                                                                                              • Instruction ID: 0a9ae9437ab234e3f8c585b0e3205054634774baddebac8f41d144a15aa2a58d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8e724491766c4363a2944592011f1c0d159fa5434d9cfa5e380a7ac072a2403
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27715B70E00209EFDB10CFA9D8857DEBBF1EF88718F149529E415AB260EB74A845CF95
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: \V{m$\V{m
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2571113180
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5c4cf516aca1e1d9b4ab35bf89cbb9c1d6a5ec821ec3d915b9553b7191fd441a
                                                                                                                                                                                                                                                                                                              • Instruction ID: 0a4f0c6f3634c33decc5b2388e724d5e30611073b0fde435dea58fd63bba35ff
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c4cf516aca1e1d9b4ab35bf89cbb9c1d6a5ec821ec3d915b9553b7191fd441a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B715C70E00209EFDB14CFA9D8857DEBBF2AF88718F149529D415AB264EB74A841CF91
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: \V{m
                                                                                                                                                                                                                                                                                                              • API String ID: 0-929464540
                                                                                                                                                                                                                                                                                                              • Opcode ID: 568a2b73b0ae1b11d364ff5cdce00894bdeab12050c23a40ee67af040a8594d1
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6966ace559ec65c845c3884f69e88609cc82f3237cf65078687df3db495005be
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 568a2b73b0ae1b11d364ff5cdce00894bdeab12050c23a40ee67af040a8594d1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4C16D70E40219EFDB10CFA9C8857EDBBF1BF88318F249529D815A7264EB74A845CF91
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d504333abf2b03c3dd293d4467e2345c84ff782dc6a4fe9e362fda1c037d5b3d
                                                                                                                                                                                                                                                                                                              • Instruction ID: fd71565f582cf028b39c010a3896fe8d1467650af106f8c50e6c85b01d37e2d3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d504333abf2b03c3dd293d4467e2345c84ff782dc6a4fe9e362fda1c037d5b3d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DFB17070E40249EFDB10CFA8C881BDDBBF1FF88718F249529D815A7264EB74A845CB91
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: b57453d919dd45b0e34ad7478f5633cdf772dc75117c24d3eec8b51d1b8cfcd9
                                                                                                                                                                                                                                                                                                              • Instruction ID: 20329807cfd2b9bd5a1c7b704e12442ded37f1573329e7a1bf33e0b131e6a4da
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b57453d919dd45b0e34ad7478f5633cdf772dc75117c24d3eec8b51d1b8cfcd9
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3871A435B00214DBEB049BB5D8646BEB6F7AFC9214F148029E606EB3A4DE34AD42CB51
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: f220c5dc0dbb07de633628a05be1d8b95bd37e73c18843ed7dd9fdbc11c4281f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2dceba50642a08f4b2255fa9b81c4205750fe0b3c3b0c17d6de20b76bea81d2d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f220c5dc0dbb07de633628a05be1d8b95bd37e73c18843ed7dd9fdbc11c4281f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F51E135B012498FDB14DF78D8506AEBBF6FFC9350B14816AE619D7364DA30AD02CB90
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: c3284c6509063042febd3262069080bc49d218a178825daf47b55ac1b8bfea90
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9015cd557d83823e424775de3bf786cd4d2c857b89bb00e7ae591d1bc0a7ea54
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3284c6509063042febd3262069080bc49d218a178825daf47b55ac1b8bfea90
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06412A31B801045BFB18AB69986076E77A7DFC9315F14916EE606FB390CE35AC0683D1
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000002.2352802389.0000000004B9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B9D000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_2_4b9d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000002.2352802389.0000000004B9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B9D000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_2_4b9d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
Memory Dump Source
• Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: a05f672eaaa5155107fa128b058fa2622a469435c4a3309d702cd55a16f6f491
                                                                                                                                                                                                                                                                                                              • Instruction ID: 40fb7280c29f56503347f2dad33b1dcc8160a60b4f8e2a173506b95111d9ac45
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a05f672eaaa5155107fa128b058fa2622a469435c4a3309d702cd55a16f6f491
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0E09A7480A28ACFCB01DF75B9256687FFAEB5620972045EBD958E7272EA302D058780
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 272a745e45fbaa2a52f4e08fba1f5a34747aad1934372a23ef7032e1b4b07392
                                                                                                                                                                                                                                                                                                              • Instruction ID: ad2ea04ae564253d12f4e061d5fedea2b7f17bbafb15cee6cead8d2fe5680bbb
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 272a745e45fbaa2a52f4e08fba1f5a34747aad1934372a23ef7032e1b4b07392
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7CD02B3034312487DB1419B668242BE368CDB436557819067F50AE2380DF0CDE4243C4
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: a3e376cc33af0f57c152e521a6dacd61210778551716942b25d45d186250c081
                                                                                                                                                                                                                                                                                                              • Instruction ID: de18cee3bc3966d335a9d481f64f6b6a9fe9909702617a4dd33f4ace297dd403
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3e376cc33af0f57c152e521a6dacd61210778551716942b25d45d186250c081
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7E05B767466D48FDB014738F0A85593F739B8A71571500D7D146CF3B7CE159C058745
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7b06c827c6dc5b0ca5c8d328863969c3783e7d801f60ac5a9b8f24ee32d30504
                                                                                                                                                                                                                                                                                                              • Instruction ID: bb85df61655d154a2e5bc60ec9dfb6b28444c9b808b4e7f6e65ee56c9b66a19d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7b06c827c6dc5b0ca5c8d328863969c3783e7d801f60ac5a9b8f24ee32d30504
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8AD0A7313512209BD200566CE4649A937ADDB8A714B40046AF20AC7320C951FC000788
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: c182d2a2d6e97193596757a3597d271ed0503ed147a0e0ea21896040f5af9c84
                                                                                                                                                                                                                                                                                                              • Instruction ID: a8706c42829b10bb11ab9597197be4d90ac668d0453f4017d763e50423dc6ec0
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c182d2a2d6e97193596757a3597d271ed0503ed147a0e0ea21896040f5af9c84
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63D02E3B2081C88FCB025B21B8540EA7FB3AB1E21030850D7E5958BAB2CF300855C780
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 1ad88e8446a82f42a79989eb01360c8994e415bcc232735ec41d532fc82c4bbc
                                                                                                                                                                                                                                                                                                              • Instruction ID: eca2880c64dc374bd693b3a0d4f55739b5cb886744ce4f2ea0490781c19fe7be
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ad88e8446a82f42a79989eb01360c8994e415bcc232735ec41d532fc82c4bbc
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1FD0A73235011CAB92106719E8959BA7BA9EB89360350846BFA0583330DD717C418795
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0eae98053f242ede5aa7c3880acde2f84005dbf2cd2b4e7f4decbe2f2a696b56
                                                                                                                                                                                                                                                                                                              • Instruction ID: 907ca8db2646579fbb4d50ada09541b36ea00b37019e5e379fca6211b0cc8bc4
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0eae98053f242ede5aa7c3880acde2f84005dbf2cd2b4e7f4decbe2f2a696b56
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61D05E7491120ADFDF00DFB5E91196DBBFBEB45204B2086B59808D3220EA315E008BC0
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 00000006.00000003.2352019191.0000000004E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_6_3_4e10000_rundll32.jbxd
Memory Dump Source
• Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: P(*4$P(*4$P(*4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-417607728
                                                                                                                                                                                                                                                                                                              • Opcode ID: 38768dd4c202cc16264fd602325d0cf87b2986116479b0797b105eca9cb0a410
                                                                                                                                                                                                                                                                                                              • Instruction ID: 34c26c8f43ef4b2978c033b0886afaea3b47c1e00cabe1c25a4c6123d0e8dfa7
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 38768dd4c202cc16264fd602325d0cf87b2986116479b0797b105eca9cb0a410
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28A1E722A1DF8A4FEB95DB288DA56A53BE0EF57310F4801F9D559C71E3DD2CAC068381
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423718052.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd342b0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: `e*4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-446765385
                                                                                                                                                                                                                                                                                                              • Opcode ID: 30ea5b9605609887e46b07a946ddbf8940d642447e391c8b4036e1765e1d198d
                                                                                                                                                                                                                                                                                                              • Instruction ID: a9e4422571c5c4e77ee7b24589151a0c5c4576f270837ba2470832b6141b9b61
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 30ea5b9605609887e46b07a946ddbf8940d642447e391c8b4036e1765e1d198d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C3F1F530B0CA894FE75AD72C98656747BD1EF9B310B1901BED18ED72E3CD69AC428781
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: E
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3568589458
                                                                                                                                                                                                                                                                                                              • Opcode ID: eb70c90b2f4edd774b39f276b1343b0d6ae3bd7a1061a589d97ce42ebee90e3b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1e43962da532743eb41fbae4978be0f6c5398b6225e39d39b37869f07d8e496c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb70c90b2f4edd774b39f276b1343b0d6ae3bd7a1061a589d97ce42ebee90e3b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A181E762B0DA8A4FF752EB7C88656A87FB1EF47210F9901BAC458D71E3DD281C42C352
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: L_^
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3811526842
                                                                                                                                                                                                                                                                                                              • Opcode ID: 15a32742b25fb2f18d8c0c452a64ad60b2a4bc27e49611f2d181cfe567998725
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3a1d11242a860fa8c4010b591393b08d9d13c790a2547e14e1a8f62885ad3995
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 15a32742b25fb2f18d8c0c452a64ad60b2a4bc27e49611f2d181cfe567998725
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2B12C27B0DA554FE765B7789CA21F83BA0EF57325B4801BBC14CCB1D3D91D584A83A2
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423718052.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd342b0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: `>*4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2051594264
                                                                                                                                                                                                                                                                                                              • Opcode ID: e57fe5b95b60dcde43385cf7a5d7482e2fc8d74a07139cd09571df632f67ff6e
                                                                                                                                                                                                                                                                                                              • Instruction ID: a846a6e7d7c960c7e574d4ec399764d13db1aa520d2572b00f318665872d0a7e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e57fe5b95b60dcde43385cf7a5d7482e2fc8d74a07139cd09571df632f67ff6e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 02311321B0DB854FE7839B3C48AA5643FE1EFAB21070941FBD089C72A3DD58AC46C341
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3a9da2b127050d343af86da614fc7df9c22a4e06a12eabc7ffac7e1ee2f2e149
                                                                                                                                                                                                                                                                                                              • Instruction ID: c232187a0f448da1df4ac6ca662a4bac734c6165909fff2c86cd51a1313bf3c1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3a9da2b127050d343af86da614fc7df9c22a4e06a12eabc7ffac7e1ee2f2e149
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6F821A71A089198FDBA9EB14C8A47A9B7B2FF5A304F5040FDD05ED7291CA39AD81CF50
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: f9824cc862f7dffb07d1ff890a7f5f99ddf3703170d29ef46b948f6bd5ef0f2b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4986dfd81a3cb9e2f0e6b443c2e27c0bf13fe5644395551df59d150ab1ab09fd
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f9824cc862f7dffb07d1ff890a7f5f99ddf3703170d29ef46b948f6bd5ef0f2b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1BD1C531A18A8D8FEBA8DF28D8557F977D1FF55310F04426EE84DC7291CB78A8418B82
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423718052.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd342b0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 81c8e1a68227bd4da690f9ebb6b1ad39d663468cd3355c093cb2df58f83fb54f
                                                                                                                                                                                                                                                                                                              • Instruction ID: e237fc995789d74d0f4aede8e15f26aa3768893817d4fc3451ba1624005d29fe
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 81c8e1a68227bd4da690f9ebb6b1ad39d663468cd3355c093cb2df58f83fb54f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BAA11631B0DB884FD796DB2C98A55347BE1EF9B310B0901FBD589C72A3DD59AC068742
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: c6cfccf300bf68dea91e150a4ee3d8b8038c07912c7de5c94aeec6108ffb49ab
                                                                                                                                                                                                                                                                                                              • Instruction ID: 86735f2790a324a55750411eb0bce45e036a9af825b253a23a2c44fe91a1368d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c6cfccf300bf68dea91e150a4ee3d8b8038c07912c7de5c94aeec6108ffb49ab
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8FB1B531608A4D8FEB69DF28D8557E93BE1FF56310F04426EE44DC7292DB78A845CB82
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2880ff6ffca7c2bd6daf5e0eb5d95b898069496f3b50134b2a9c3cbb77a4cab2
                                                                                                                                                                                                                                                                                                              • Instruction ID: 8a1ad395d7f5a39efc81b010f8a738d068eace056265486d600a3b1dbb525da2
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2880ff6ffca7c2bd6daf5e0eb5d95b898069496f3b50134b2a9c3cbb77a4cab2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44B1B370A08A5D8FDF94EF68C894BA9B7F1FF69301F1141A9D00DE7261DA34AD81CB41
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2a553eaf0f21c09bad01569c948ba67eb172ba9147efde6dc35e2c79305cbeb8
                                                                                                                                                                                                                                                                                                              • Instruction ID: 8fd11b9f562545785cd524f25a2d55f873089fb4a685deed3fc6e1fffc11c5ca
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a553eaf0f21c09bad01569c948ba67eb172ba9147efde6dc35e2c79305cbeb8
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7BA16231B09A5D8FDBA5DB68C9A07A8B7B1FF56300F5041B9C00DE7291CE399D85DB41
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 8d167a9015972a6429b4e1ca0dfc8fe923c67925cf0b666551d0835857f322ca
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6ea14e09a1af9d133e39e91b14c86aa0a4e2a459ac54aaa83ac8c2d0101a44ff
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8d167a9015972a6429b4e1ca0dfc8fe923c67925cf0b666551d0835857f322ca
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79A13B30A09A2D8FEBA5DB28C9947E8B7B1EF5A301F5440E9D04DD7291CA789E81DF41
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: f6f113c166c012d1815f883da8266ab07bc078a69d9503ebfefe50d6ad32a875
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7d9276a9197efb863814f2a38656fd48ac90069bbbfc9cfda372f9bdb39eceb1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f6f113c166c012d1815f883da8266ab07bc078a69d9503ebfefe50d6ad32a875
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC411C32A0DA568FE799D7288DA11783BE1EF4B311F9800BDD54DC72D6D92C9C05D352
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: a6ee235404e7fa6375fd5730ea6bd1db15e49e8af6add156e7e9af7566c003c2
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3122526860dd106ce17714052de66af4ea31a64dca973d48f56c6fbd5487f14b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6ee235404e7fa6375fd5730ea6bd1db15e49e8af6add156e7e9af7566c003c2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 14410C31A08A0D8FDB58DF98D9A0AFEB7B1FF5A300F141469E109E7291CB39A840CB50
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: dbf137af0344d375bfad8b603d0cfeb883622cc46f1c43beda5ee9e4b4e8c803
                                                                                                                                                                                                                                                                                                              • Instruction ID: ae3ac8d1752db35f949386e19795ee0863cef47d2cdb31c4c2671e12f821053f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dbf137af0344d375bfad8b603d0cfeb883622cc46f1c43beda5ee9e4b4e8c803
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00418171A09A8D8FEB46DBA8C8516E9BBB1FF5B300F4500BAD158D7292CA3C9C45CB51
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: e9692c619f2f1de67c721e1137a6840d7fabdb4e6d258191279d33ec0c7a8b64
                                                                                                                                                                                                                                                                                                              • Instruction ID: c91edb48b19aec5cc573252a3e5f7297a93ec9e9ce0f5ff5face7405162f007c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e9692c619f2f1de67c721e1137a6840d7fabdb4e6d258191279d33ec0c7a8b64
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4141EC71E1891DCFEB94EB68C8956ACB7B1FF5A301F5010B9D50DE7291DB39A841DB00
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 45df61ab35e90bf334ed776c3a715430d1e10b00dd081724c7643d6972d948e1
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4c2d4896f5ef9f71a4db36a0bd9bd2c51659e0922e830d48d9d976c6f7a93137
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45df61ab35e90bf334ed776c3a715430d1e10b00dd081724c7643d6972d948e1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C131D531A09B898FEB42DF78C851AA97FF1EF5B300F4541E6D408D7292DB389841C751
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: f2d5877b7edd874a37e4e0239d75bebeae895d57c50397dc7b506db606a3b2b0
                                                                                                                                                                                                                                                                                                              • Instruction ID: 631c7f3a4ed69679d14716bcd20a9d8b0c870825c8259da6038a2e2091bf1329
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2d5877b7edd874a37e4e0239d75bebeae895d57c50397dc7b506db606a3b2b0
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED31F413A0DAC64BE722ABF859B51FA7B90FF53214B0840BBD1A9CA0D3DD1C9C05D381
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 07e6250799055138479b5815d849106509b59ef09b53fcbdc19ac3c5159c9cb2
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9d459d125c3afe174c026ac02d0ca6f7457eb2cec6032b9ed6fa49947b270bcb
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 07e6250799055138479b5815d849106509b59ef09b53fcbdc19ac3c5159c9cb2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 04314031709A4D8FDB95EF68C491AA977A2FF4A304F9544B8D00DC7292CE3AEC42CB01
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2423358041.00007FFD341C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD341C0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_7ffd341c0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              • Opcode ID: eba798e79a1cf83ba3f35c01a3e669b76623424f6c8783acf74eb9976d1e8180
                                                                                                                                                                                                                                                                                                              • Instruction ID: 24ec03b256f0b8af018af8d3acb2501821c9f3ecf51247b78f4b4d182c4f962d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eba798e79a1cf83ba3f35c01a3e669b76623424f6c8783acf74eb9976d1e8180
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D7D1E462B0EE8E4FEBD4DA5C94A47B977E1FF99314B0801BBD548D7297C928EC458380
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: @6+4$@6+4$@6+4$@6+4$pD+4$D+4$D+4$D+4$D+4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-1576449245
                                                                                                                                                                                                                                                                                                              • Opcode ID: 73d1ada7b05dd813a725ad15324b3397488c1d18b14d9546d3f4cb59ace353a3
                                                                                                                                                                                                                                                                                                              • Instruction ID: ec152f296f87f317cbcad020b36b2d438c0694431e0fbf23eb52332406a7e6b3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73d1ada7b05dd813a725ad15324b3397488c1d18b14d9546d3f4cb59ace353a3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C813973A1DE850FE794EB2C84A97A6B7D1FF96390F04057ED1D9C7192CA6CE8428342
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 84$@4$H4$P4$X4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3100767474
                                                                                                                                                                                                                                                                                                              • Opcode ID: aad2e0b989e5c597c13183f11b27f50e0b8798fdb00896f6d64631c6c594735d
                                                                                                                                                                                                                                                                                                              • Instruction ID: 215a6a16672e261a9505a42f3ecb3216fda5be2ab389dfb11454b7d50915a597
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aad2e0b989e5c597c13183f11b27f50e0b8798fdb00896f6d64631c6c594735d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F361E422B9DE454BE7E9BE2C54A42B973E1EF99300B1440BED15DC32D2DD28EC429781
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 84$@4$H4$P4$X4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3100767474
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9c0ea4bac1e4136be9c9d2dd44af5c9e2af0af08d2863cc51ce6c758ebb6e5e3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 422827d1f4dbf152e1e269b42f23e83b78bfce45f1dbaf4b6d9f4ddd33d5c805
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c0ea4bac1e4136be9c9d2dd44af5c9e2af0af08d2863cc51ce6c758ebb6e5e3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E651E532B5DE494FE7A8BA1C54E46B976E1EF99300B1400BEE15DC32A6DD38EC429781
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0P(4$PP(4$PP(4$`C(4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-1072028315
                                                                                                                                                                                                                                                                                                              • Opcode ID: c4054380510bfe7b4b45ed87345402a967e3edae6685a8ebdf138812658f7360
                                                                                                                                                                                                                                                                                                              • Instruction ID: c1f09407d429746ffd9a32d499b204dd5a147121cbf2676fdf15d4b7ce00da24
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c4054380510bfe7b4b45ed87345402a967e3edae6685a8ebdf138812658f7360
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0223627F1994A4AE754DB6894A12FE77E0FF92314F18017AD19ED3183ED2CB8868381
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: H$HB)4$`B)4$d
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2122732136
                                                                                                                                                                                                                                                                                                              • Opcode ID: 74f0097e4fa692926a15b200a329d9022ed0bb6845b8e4f0d73154fbca34d009
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3a689b248badb30408d410b74f0724f93c4b7f5d4f2bd09c49340469cab051b1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 74f0097e4fa692926a15b200a329d9022ed0bb6845b8e4f0d73154fbca34d009
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66C10232A1DF464FE7A9DF1884A49767BE1FF96300B14457ED18EC3192CA39F8428781
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: HB)4$`B)4$d
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3872130887
                                                                                                                                                                                                                                                                                                              • Opcode ID: 946db0c4d22276d3807ea9544eff60215ed85768784477a8796d98ab426b48ff
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3647f1c1b3d04aa950366c7dedf88fa60559cd0b54db2ca28b55915c2ae7d3e6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b53d7012c481417539eb5056a9f4f3c8febc165475cd6a97bc3875893ac8067
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E691F622B1CE850FE758EF2C98A59793BE1EF96350B0441BEE18DC7193DD18EC428781
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 0\(4$8c(4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2662233689
                                                                                                                                                                                                                                                                                                              • Opcode ID: 67e5fb0e75347984531e4258bed436fd4f64333f066ab6cecb6243ac454ba217
                                                                                                                                                                                                                                                                                                              • Instruction ID: 81a956b24469c5aee722021ac2e69434227ceb4bad286cced2e1ee96f62294b4
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67e5fb0e75347984531e4258bed436fd4f64333f066ab6cecb6243ac454ba217
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 18514673A0DD890FE759AA6C98A62FD7BD0EF87360B0401BBD189D71D3DD2C68468381
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: $4$$4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-4171976954
                                                                                                                                                                                                                                                                                                              • Opcode ID: 35b114a2f0b90962469b88d10254f4bcec3ff6e3edeb5ac4f3c2b2b4db2e9d96
                                                                                                                                                                                                                                                                                                              • Instruction ID: 919939f69aae051bc142df9b179760f2c14d449cfcd91dde745f0a65ed2f3eee
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35b114a2f0b90962469b88d10254f4bcec3ff6e3edeb5ac4f3c2b2b4db2e9d96
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5551E603F4EDD20BF662AAAC24B51F96790EF537A6B08017BD25CD60C39C1C684E62E1
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: $4$$4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-4171976954
                                                                                                                                                                                                                                                                                                              • Opcode ID: 61663e2833a11e7556aaef260507cd2528c96e0ddf12aa6cdd2b8b083fd23cda
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6b2d738f6fa96e157edf6c9064e98bb1a3294683c8073fd1c801dd780ac78429
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 61663e2833a11e7556aaef260507cd2528c96e0ddf12aa6cdd2b8b083fd23cda
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F251C503F4EDD24BF662AAEC24B51F96790EF537A9B0841BBD25CD60C39C1C684E62D1
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: PX:4$pG64
                                                                                                                                                                                                                                                                                                              • API String ID: 0-56874449
                                                                                                                                                                                                                                                                                                              • Opcode ID: b87cc21fa71f22c54f49e3dc088b066fea02072fb8acca810dc5b248c4934e74
                                                                                                                                                                                                                                                                                                              • Instruction ID: 8f6c831598e7b7da4f7723fdd1aef5ccb5242c51b57fae896833f13adeb68281
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b87cc21fa71f22c54f49e3dc088b066fea02072fb8acca810dc5b248c4934e74
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B4317C22B8E9890FE7A5F76854E65FA7BD1EF46314B5005FED14AC7092DE2DE8028280
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: d
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                              • Opcode ID: bb66340ab334a7b4eed46ff2000a367a4b5f94b577a44b76c4fa700dfbdd07f0
                                                                                                                                                                                                                                                                                                              • Instruction ID: b81b251a718ec41a1ec6e79b07967ad6a57e14aae38776543f78c910e1db8165
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb66340ab334a7b4eed46ff2000a367a4b5f94b577a44b76c4fa700dfbdd07f0
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38E10131A1DF894FE7A9DB1894A4675B7E1FF9A300F1405BED14EC3292CE38E8429781
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: h")4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2179856672
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4f4844d96a7becd78cbd2ae93d7e53affd3b7688e49dc7c35c36c4f1e3e58604
                                                                                                                                                                                                                                                                                                              • Instruction ID: a7b22cfa79875a9aabf99884fa93e58e7fda5b71f5de1d051efe713d60b4fe65
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f4844d96a7becd78cbd2ae93d7e53affd3b7688e49dc7c35c36c4f1e3e58604
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8FD1043270CF494FDB94DE28D4956A5B7E1FBA6310F14027ED14DC72A2DE2AE846C782
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: d
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                              • Opcode ID: f0b6f87397ccce04c00a59a15da07c4c4ed5d47b881d96e18a229b277163e483
                                                                                                                                                                                                                                                                                                              • Instruction ID: e9f5f2cd852670669da3d965cafd0decd9790d388d935d995db45a9586ac0088
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f0b6f87397ccce04c00a59a15da07c4c4ed5d47b881d96e18a229b277163e483
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5C10031B1CF494FE7A8DB48D491536B3E1FF9A300B14457ED18AC3696DA39F8429B81
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: d
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2b6662ab0cbb160a2c9598c6443612724eb657100775dd725309c5f49a89b80b
                                                                                                                                                                                                                                                                                                              • Instruction ID: f4a543bc89c6acbea4b8f15cdab8cbf8975ea258484b7429b5636146b4f8c397
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2b6662ab0cbb160a2c9598c6443612724eb657100775dd725309c5f49a89b80b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DEB12132B1CF458FE768EA4CA4915B6B3E0EF95315B14467ED18AC3253DA38F8428B81
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: N_H
                                                                                                                                                                                                                                                                                                              • API String ID: 0-343878021
                                                                                                                                                                                                                                                                                                              • Opcode ID: 58ac120ab94f7e708c988c221e0d381e875b1b4fa9cbb01c423dc1aa0759d83b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 22fe6cc018ff78d6d8a91fd9eda1a23135cbc6f9cc2d929e12fb0e40470cd67c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58ac120ab94f7e708c988c221e0d381e875b1b4fa9cbb01c423dc1aa0759d83b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A71F253F1FD1A4FF7E5961C18A827423E1EBAA6A1B2440B7D58DC32AEDC1CAC065390
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: >$4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2145365419
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5640cc0d0cc039e7d9920a6a7f91176ee05719b9c9b764f63ec13c19ec794649
                                                                                                                                                                                                                                                                                                              • Instruction ID: 94ede68872e8359b1193679565c920406e175c492e84b7afb384b7ddf3ae0fc8
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5640cc0d0cc039e7d9920a6a7f91176ee05719b9c9b764f63ec13c19ec794649
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5EB10A71E0991D8FDB94EF58C4A4BEDBBB1FF5A300F5441A9D05DE7291CA38A981CB40
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: )*4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-4164236752
                                                                                                                                                                                                                                                                                                              • Opcode ID: ef141f44843cdf2c6f986f631132265cce436031bdd190d5262064828e3e7616
                                                                                                                                                                                                                                                                                                              • Instruction ID: 8d7bb094c280a41442d3d6703595df939c681a9041f01288ca39c6b22da1c822
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef141f44843cdf2c6f986f631132265cce436031bdd190d5262064828e3e7616
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A81D332708F098FDB64DB58D895AB577E1EF9A310B14067DD14EC32A2DA29FC42C781
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: /Z_H
                                                                                                                                                                                                                                                                                                              • API String ID: 0-4246356779
                                                                                                                                                                                                                                                                                                              • Opcode ID: 434903352c710143e0eab458b2bb91d280b10249c51bcf9be73c4c675277831f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7a545e8c897f2d2c6bebf3dd0f83296c04dca622807b1d458bbe71cf9d8a6ee1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 434903352c710143e0eab458b2bb91d280b10249c51bcf9be73c4c675277831f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C9A15571E18A599FFBA8DF28D8987AC77B1FF55300F0401BAD50DD7192DE3869828B44
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: pC94
                                                                                                                                                                                                                                                                                                              • API String ID: 0-395785494
                                                                                                                                                                                                                                                                                                              • Opcode ID: ee4174961cb98c0f5aa8ce1ccec5e5fb6f993467430944af7fd122fc06d96e4a
                                                                                                                                                                                                                                                                                                              • Instruction ID: fad9aa6180d1e3e7f136e37a8d0adc2055b057c2dfbbe1c84aaf8e1fedb82d92
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee4174961cb98c0f5aa8ce1ccec5e5fb6f993467430944af7fd122fc06d96e4a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08818171B499598FEBD4FB5CC4A4AB977E1FF5A311B0400BAE54DD72A2CE28EC018741
Strings
Memory Dump Source
• Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
Similarity
• API ID:
• String ID: G94
• API String ID: 0-3683881576
Strings
Memory Dump Source
• Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
Similarity
• API ID:
• String ID: pC94
• API String ID: 0-395785494
Strings
Memory Dump Source
• Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
Similarity
• API ID:
• String ID: h+94
• API String ID: 0-3305033982
Strings
Memory Dump Source
• Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
Similarity
• API ID:
• String ID: '4_H
• API String ID: 0-2061995502
Strings
Memory Dump Source
• Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
Similarity
• API ID:
• String ID: 0p$4
• API String ID: 0-1438800638
Strings
Memory Dump Source
• Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
Similarity
• API ID:
• String ID: P_44
• API String ID: 0-389529201
Strings
Memory Dump Source
• Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
Similarity
• API ID:
• String ID: HB)4
• API String ID: 0-1762172222
Strings
Memory Dump Source
• Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
Similarity
• API ID:
• String ID: ^O_^
• API String ID: 0-3231731736
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: X
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3081909835
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: '4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2530865687
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: a2_H
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3222664893
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: G94
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3683881576
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: AY_H
                                                                                                                                                                                                                                                                                                              • API String ID: 0-614825282
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: 4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-3573052677
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: tO_^
                                                                                                                                                                                                                                                                                                              • API String ID: 0-254746434
                                                                                                                                                                                                                                                                                                              • Opcode ID: c5ba8355c320b967bf1bad92f988fa6c4987c24b4654bb0873568084b43865fe
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6fcd2b09cc4e7eae35268fdd6cfa8dfa2c5d5f1d9c5e2b739d14391abe6822ab
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c5ba8355c320b967bf1bad92f988fa6c4987c24b4654bb0873568084b43865fe
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9318E27A085529BEB12FB7CE8A51FA3B90DF437297080177D54CDE1A3DF2C654A82D0
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: P/4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2901870093
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0f423076097f976a7f85fe87a5edb9cc6166ac273f0bcea219895d64d64e7457
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4949f1c2fafcf61c962184c119bf0c8ebee1cca8981e282f45be5e94abf5ac4e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f423076097f976a7f85fe87a5edb9cc6166ac273f0bcea219895d64d64e7457
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F9314923B099885FE794EB3C98AD5EABFD0EF9A311B4400FBD549C7192ED1468458740
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: '4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2530865687
                                                                                                                                                                                                                                                                                                              • Opcode ID: 1d108c41aa508998214389804690bd599cc0a18edd74d2c0a6858a338a09f0e2
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2d1999b165ecb4f9cf931be507cc2771cc576abb70cf53b867c56071bacd2ad3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1d108c41aa508998214389804690bd599cc0a18edd74d2c0a6858a338a09f0e2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA110623B1CE8B4FEA99EA2844E11E973D1FF96250B49447AD549C7282DD1CE8464381
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: `C(4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-341262745
                                                                                                                                                                                                                                                                                                              • Opcode ID: c78b221aee74e97617b7cb40c80f6efdeb47b92e5f4dbc7d50841596e577367f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7eb09a8dab1c33208b787ec22d93e5b10ee342fe2bbc85a2634ce78e727a0213
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c78b221aee74e97617b7cb40c80f6efdeb47b92e5f4dbc7d50841596e577367f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF115232B1CD194FDB98EF1CA4A666C77D1EF99711B0001AAE049D3296DE24AC0287C1
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: `C(4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-341262745
                                                                                                                                                                                                                                                                                                              • Opcode ID: 336abb46c627459f3a405028b3ea6b0516ef87b3a92d3630fbd9d816a2af90a2
                                                                                                                                                                                                                                                                                                              • Instruction ID: c18323e56b00cf385b7f5740bbf9bb19558f0e551b29ea8cff2b5be9c36f65f7
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 336abb46c627459f3a405028b3ea6b0516ef87b3a92d3630fbd9d816a2af90a2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9112723A1CF810BD325A73894A17F66BA0EF82304F44446BD0DEC7183EDAC74459391
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: x34
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2709511179
                                                                                                                                                                                                                                                                                                              • Opcode ID: ba428349f4488c1f791c68732090fb9f71d111737b80a7c7f04631bcb1d26c2c
                                                                                                                                                                                                                                                                                                              • Instruction ID: ad3f36d2a0aaa4c44a013d288923c92e44b589088335e641bc4af77ae9623f33
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ba428349f4488c1f791c68732090fb9f71d111737b80a7c7f04631bcb1d26c2c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AF11A117B0C2A14AE612F7ADB4B11DA3B14DF82A3E70D41BBD6CC9D0A3AC04148E82F5
                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID: '4
                                                                                                                                                                                                                                                                                                              • API String ID: 0-2530865687
                                                                                                                                                                                                                                                                                                              • Opcode ID: eed48a8495eb8315c35a7418d08ae35af9b90db67c64c61472e0898364328adb
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3526c9138787e356fcc9eee73102eb3afd93ecb624584154334395cda036d5f6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eed48a8495eb8315c35a7418d08ae35af9b90db67c64c61472e0898364328adb
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3018622B14D8F4FEAA9EB1880A05BA73D1FF993447544579D40DD3186DD28E8458380
Strings
Memory Dump Source
• Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
Similarity
• API ID:
• String ID: H0$4
• API String ID: 0-2345885517
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 51a5545f01101c68d19c7c19ea385f450429fbeb60173759e410a9149392145f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 5181647810bd37cfa24167c43ed5d86959cf0be1b8d2aa42ff24cf1d06b5716a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 51a5545f01101c68d19c7c19ea385f450429fbeb60173759e410a9149392145f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3381173175D9494FD7E9FB2C94A9A797BD0EF4B30071500FAE58EC72A2D928DC428382
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 8ab271ffd55f77d6d4d190b3f25ec9e851f3289485d26c086b09ed20e4903eab
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1c407d91926dba8caf1270887fa87d6ba5adf60b1bcd7d97c70d1352d368c13a
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ab271ffd55f77d6d4d190b3f25ec9e851f3289485d26c086b09ed20e4903eab
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80919573B19E4E8FEB94DF68C8A56ADB7E1FF56340F440579E019E3192DE28AC018790
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: bd012dd3e37112b81c2777a8fb26d3271ece675b66199e020c99d81ed8c16cac
                                                                                                                                                                                                                                                                                                              • Instruction ID: a42c0d070278a608317e244ac92645ed3cfc91d72b79ec0a8bc6f2b52cbcc773
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bd012dd3e37112b81c2777a8fb26d3271ece675b66199e020c99d81ed8c16cac
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 84710723F0EE8A0FE7A69A2C68A56B57BD1EF86210B4841F7D54CCB193DD1DAC428341
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: edd7ab48cfb6f43ba66a58a57b61717e14aeca28c4243fcfff56d9561dc3ec46
                                                                                                                                                                                                                                                                                                              • Instruction ID: dce17c3e6e0b2d3868e4902ba83c9824ee1a131bb2696dc69025d39797bc9ec0
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: edd7ab48cfb6f43ba66a58a57b61717e14aeca28c4243fcfff56d9561dc3ec46
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5791C671A08A8D8FDB84EF68C894BEE7BF1FF59300F140179D458D7292DA34A846DB80
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: c69055a2df77c13cfa22dc87c81b69dc317b8ef750bf34ff9a5e8348e009c164
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4fe987f99edf45f234679ea89479659d281deacbeff7f7d450310296c723d0d6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c69055a2df77c13cfa22dc87c81b69dc317b8ef750bf34ff9a5e8348e009c164
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD712B33B0DD894FEB94DA2C94B52ED7BD1EF9A314B0841BAD54CD7293DE186C028381
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d918d386771c696f286d5efff6229c0c71b7e5384760f4aa20b660cc06c09994
                                                                                                                                                                                                                                                                                                              • Instruction ID: efe88a5ac9e0968155ec481447c56fca856ff5dea31439d549ead51a929d4e5e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d918d386771c696f286d5efff6229c0c71b7e5384760f4aa20b660cc06c09994
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3810232E0CA5D4FE724DF6498A52E8BBA0FF56310F44027AC14DD71D2DA3C6846AB80
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 814865c216c0234abf6e52df5fe808cfb5ceb69102348937a579a72f5f6d0199
                                                                                                                                                                                                                                                                                                              • Instruction ID: c2604543815e85d8a6b66018f06bb56a8dcc6b706713c7a2bc7d346beabe3bde
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 814865c216c0234abf6e52df5fe808cfb5ceb69102348937a579a72f5f6d0199
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D381303171DA498FEB94F76C94A5BAA73E1FF59300F5444BDE04EC32A2DE29A8418742
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 209d5f441ceb60904cf78f7ea83a2c021f02cb0f6039cc9077c0e190628fb108
                                                                                                                                                                                                                                                                                                              • Instruction ID: ff626ab951c43f3bcb9282db5ea659fe82dd96de2b855e2e0bf390e38dee29b5
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 209d5f441ceb60904cf78f7ea83a2c021f02cb0f6039cc9077c0e190628fb108
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C612972A0EA8D4FE755DB6C94A56E97BE1EF56300F4401FAD08DDB2A2CD396C41C780
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: aac3799e1ace66dcb999d060d3829fe49c59e10cac05645b530417afabbef27a
                                                                                                                                                                                                                                                                                                              • Instruction ID: e27d2faa5ccc77a52ebb0647bbfff526236673b036dc9c2895dc69b6817c45db
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aac3799e1ace66dcb999d060d3829fe49c59e10cac05645b530417afabbef27a
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B614E71A1994D8FDF94EF1CC4A5BA93BE1FFA9340F14416AE44ED32A1CA34E841CB81
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: b8e7a0b0d9504217a76f4f42729c9483a7cece81b08e6d5b1e40c219fe8cea30
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1cb531482c16fdcb6852fd3221100492ad7f3c352351a052646b0771ab181227
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8e7a0b0d9504217a76f4f42729c9483a7cece81b08e6d5b1e40c219fe8cea30
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E41E62370EE4A0FEBD8D65CA8A16B577E1EB96320B4401BBD54DC3296ED19EC534380
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: e013f129682a80f86f26854583b705e07042b93d117027e51a05b0fb71270838
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4b20bcd29a62dc8dddb930909aec009f2c6ea4aeca3594cb093806dba8d7611c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e013f129682a80f86f26854583b705e07042b93d117027e51a05b0fb71270838
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE41F731B9DF490FDBA8EA1C846557A77E1FBAA720B14027ED489C3255DE38FC428781
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 96ba3c3553288a4242ee0959d6787f38219c518f38eb1fcc87c83b274ac582c4
                                                                                                                                                                                                                                                                                                              • Instruction ID: 12c05eb0b873d7246e3fe68385192b2f6f6f37e86222db8afb5b5f06f88f1567
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96ba3c3553288a4242ee0959d6787f38219c518f38eb1fcc87c83b274ac582c4
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA510B31B1C9098FDFD4EF1884A5BA937E1FFA9344F140569E94ED3291CE78E8419781
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: e6c415689cb3127fbe16d0246316c54814f8cc87370f7dbf683700c72989d4e7
                                                                                                                                                                                                                                                                                                              • Instruction ID: 884880423393c5eebdbb84ac628520544096392797a48ccde4974aa944b507bd
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e6c415689cb3127fbe16d0246316c54814f8cc87370f7dbf683700c72989d4e7
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9351E06198F6C95FD707A77858B66EABFB4CF07224B0900EFD0C48B4A3C85D2486C362
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 63c5d89a7e253a09c9e8e9e6826d8caf94ea6ea8615d9c7b7a8180c07cf73b79
                                                                                                                                                                                                                                                                                                              • Instruction ID: 9b7a624d3de17e93725ca7ff241fafbf70ace0cb5c0c85489c2924d6ad6ed213
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 63c5d89a7e253a09c9e8e9e6826d8caf94ea6ea8615d9c7b7a8180c07cf73b79
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FC517835219E458FDB59EB28C1B5EB677E2FF4A30575448ACD08ACB691CA39EC42CB00
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 070f5acd149f2032b4fade4445cab53d75f3a5af922b0aeb720fbae0921285e3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1ea6e1addf479a034a0146d2711e11a0238ee66cf39bc9bd01fe877ab088e89f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 070f5acd149f2032b4fade4445cab53d75f3a5af922b0aeb720fbae0921285e3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8511831A1CA598FDB59DF68C4A57BDBBB1EF1A300F5440ADC04EE7292CA386885DB50
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: acc9cda80d0ae3f14f6055c838240c3c545a8f11ae684ab439ca0c131fde18be
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7eb0c362b84b29049b40b88eb769a577e1b7adf2e8dfd900a1d18a26bfcad456
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: acc9cda80d0ae3f14f6055c838240c3c545a8f11ae684ab439ca0c131fde18be
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9512771E1961D8FDB98EFA8C4A47EDBBB1FF59304F501069D009E7292DB39A881CB40
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 88687471edb0c09c3742fbac68b190f98136f89d9def26051f0117194471704f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6006124df260a9d97b9eadb2a22bf523989430a615c791f3e62be23dc733aad2
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88687471edb0c09c3742fbac68b190f98136f89d9def26051f0117194471704f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C641C423B1DD4A4FE7E9D71C84B47B963D1EF9A350B1841BAD54EC3296CD1CAC42A381
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: f8bb4fd9fae6eb7a8f72409b4fd357275a2877725b2b746f421fbe2d79a05895
                                                                                                                                                                                                                                                                                                              • Instruction ID: 42c60420dbf6982785e871ef579a2f1c87f8c68cd9518499cab2564a7a8ff5d6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8bb4fd9fae6eb7a8f72409b4fd357275a2877725b2b746f421fbe2d79a05895
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56517172E1995D4FEBA4DB68D8A53AC77B1FF95300F1001BBD00DD7292DE3868829B50
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 57747a6da07fb5db5634a23f375fd653b7239dd0036b1063bce937d982c55f46
                                                                                                                                                                                                                                                                                                              • Instruction ID: 624ec9e9cb1f0ae2efafaafe0ddf7a486bdb76c1796484f9118be2c3a6492a3d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 57747a6da07fb5db5634a23f375fd653b7239dd0036b1063bce937d982c55f46
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA410A32B08E494FE769EB7C84A52B977D1EF9A350B0445BED05EC72D7DD1868028781
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d2cb7005a64cc8ab42b6c51374ada278375e7914238a1da801efde4a9e5551ff
                                                                                                                                                                                                                                                                                                              • Instruction ID: d07f24ae1aad9d7ad27cae95df0933c1b6dcd73389b6a62f949078ff3bdec102
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2cb7005a64cc8ab42b6c51374ada278375e7914238a1da801efde4a9e5551ff
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D51E971A18A1D8FDF94EFA8C895AED7BF1FF59305F10016AD50DE3291CA78A841CB80
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: a1b9e7872a051f50e5f7268cb883c1f2ca4e53cc5ee08ef1b6721b41b1df5dcb
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2b239e5598df0a7de4dd8be4b7c76953c0d458605f03e1ae55cf931207747896
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a1b9e7872a051f50e5f7268cb883c1f2ca4e53cc5ee08ef1b6721b41b1df5dcb
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AF41F673B1DD8A0FEB59F76C94A65F977D1EF9A26470401BFE14AD3193DE18A8028380
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
Memory Dump Source
• Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 953c185f58e981e532cc8e47f75c25f066a7494819e5a07cc4bda14dfd38b975
                                                                                                                                                                                                                                                                                                              • Instruction ID: 0aa80e8d09096e3f43857eea4bf668ddb89ea82c9a9fdc8450428ff2593ab7c1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 953c185f58e981e532cc8e47f75c25f066a7494819e5a07cc4bda14dfd38b975
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0151CA6290E5D90FE356DB7C94B55EABFA0DF4B260B4401FEC089CB1E3D9182946C751
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5b24232df2eb5d3d61f0fb4c7419a094be8174db0fa453a62864eacdf4c1a498
                                                                                                                                                                                                                                                                                                              • Instruction ID: d6960f5e4a929e73ee473ae68cefc57047c1b6988a65c6165d62f37e12962988
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b24232df2eb5d3d61f0fb4c7419a094be8174db0fa453a62864eacdf4c1a498
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75410A71A18A1D8FDF94EFA8C895AED7BB1FF59305F10017AD10DE3291CA78A841CB80
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 79a7ca6fcf94da9c3c22bd6d01975b5583a677acc64a59c617c0d856a02beaf9
                                                                                                                                                                                                                                                                                                              • Instruction ID: f3becae37f8916cd01000f0a572d4dc4e1f20974186cc5a67fb6f0e76f2e2b7c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 79a7ca6fcf94da9c3c22bd6d01975b5583a677acc64a59c617c0d856a02beaf9
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A41A33171DE858FDBE5EB2CC0A4EB677E1EF56304B1445A9D08AC72A6CA28F845D740
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5a3cf8ab8e93b144bffe24c61cb52bb0cf1a3de9e2942202aed832b8d3f13957
                                                                                                                                                                                                                                                                                                              • Instruction ID: d03852fd6b1fff4a8c5e37608372be29e78061c3f9ff88187cd0367b8021d048
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a3cf8ab8e93b144bffe24c61cb52bb0cf1a3de9e2942202aed832b8d3f13957
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E312863B1DE1A0FE7D4A62CA4693BA73D1EB99310F0405BBE44DC32E5EE1D984243C1
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: ae2cba3c784e472a50133ece0260a79f64ca335baccf345cd496b39b1a85310b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 18e8e977c8b90f2c5618a7dca90b4be125265f7870a30078af9e441ae6782c71
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae2cba3c784e472a50133ece0260a79f64ca335baccf345cd496b39b1a85310b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16416D32B08E0A4FDBD8DF1894A56BA77D1FFA9310F10017EE51ED3395CE29A8129781
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: bbb82cc462c2d2c214712be29f2b7469e57d9a2b311b49b026365c37f1094bf3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 94ab60f01cd77a71126c2fb8cf75aef944caf12d82e93be950eb2ceb126edc62
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bbb82cc462c2d2c214712be29f2b7469e57d9a2b311b49b026365c37f1094bf3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA414E72F0895A4FEBA5DF18C8A97A9B3E1FF99300F1001F6D45DE2192CE3469829B50
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9aede631e179d4e9e328379c2bd181886c0c04bff06a3506093c9dee6dfb64b3
                                                                                                                                                                                                                                                                                                              • Instruction ID: dc6d20d9f338dc1de6b47ec5c84d393f3d1529c72b651cc295eae1d035ca8b69
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9aede631e179d4e9e328379c2bd181886c0c04bff06a3506093c9dee6dfb64b3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17419371A05A8D8FDB88DF58C8955FE77F1FF99314F04057AE409E3255DA34A845C780
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 3e7079fd6dfba3d569ef143bed5b76426210a4109d7eb516e49487c8cdd63283
                                                                                                                                                                                                                                                                                                              • Instruction ID: 3b6ebbfd9e531c8d6b2da20565dbd5340d05080233f1aeeea07099a570d24e01
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e7079fd6dfba3d569ef143bed5b76426210a4109d7eb516e49487c8cdd63283
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F221E723B0ED4E0FEBD8E52C64B52B963D2EBD9295B54417BE44DC3289DD29EC069340
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 20a7eec69293a0d3d3338ea3ea51bf432ec730c85d632fcdf4606ce09632a887
                                                                                                                                                                                                                                                                                                              • Instruction ID: 120bd0caa3650fe476c3df0327b78763ece60e7debfa69c4163583ee5c15de2c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 20a7eec69293a0d3d3338ea3ea51bf432ec730c85d632fcdf4606ce09632a887
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5031E923B0CE8A0BE7A5EE6854E92F573D1FBA9350B04057BD14DC7196DD1CAC464381
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 03aec1f25383861c6fa7b4a3c16019515e0a982ca909e7ff3145433c7aa3601c
                                                                                                                                                                                                                                                                                                              • Instruction ID: b55a8d508a7efa68b840c1fa1c3a1933f545484ed6c4d931193cc053f1099075
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 03aec1f25383861c6fa7b4a3c16019515e0a982ca909e7ff3145433c7aa3601c
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D7315031B08E1C8FDBA8EB68D895AA9B7E2FB99311F14057ED00AD3295CE75A8058740
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: f149b5e81712967507846df7b89694ce3c823cd1f77abba1b15e3dd4b96bbb2d
                                                                                                                                                                                                                                                                                                              • Instruction ID: cb0f11b83cabb1749e9eb87aaeb56ac4f3b4e73707875cd2d7d5271911ccb0f3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f149b5e81712967507846df7b89694ce3c823cd1f77abba1b15e3dd4b96bbb2d
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9831B232A0964D4FEBA4EF5888A53EDB7B1FF56300F40017AD519E7296CE79A8118781
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: cdd7c46192d891a941620b91f2e4e03df973cb10bd182d02bb3658346f86a1f6
                                                                                                                                                                                                                                                                                                              • Instruction ID: eae4db44642e2c3b81c872f8a5bd44f2ebf69527efff4faa81a363332184a61e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cdd7c46192d891a941620b91f2e4e03df973cb10bd182d02bb3658346f86a1f6
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58214D37B0DC4606E7A8526DB8A11F66BC1DFC636871C01BBD94CC6293D91E9CC297C1
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5e980062da9777f3936875b46f1b1e07f84cdeb78cca7c0c71dc19bd661f8922
                                                                                                                                                                                                                                                                                                              • Instruction ID: e00081d2593fcf46bd5d5785079894ef193384f35938910a8dbdc7aed80b51c6
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e980062da9777f3936875b46f1b1e07f84cdeb78cca7c0c71dc19bd661f8922
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51211D2274DC0D8FEAE4EA0CE095B6473D2EF9D360B1806BAE54DC72A5D929EC458780
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 0a0a8bf16525e13404d8328b5d03835045ea4b1881648c122bfb434361888fb3
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2bc5ff05b76296c140f8c531a0a1d7ac57c8ca0073788cc59c980bc85f943040
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a0a8bf16525e13404d8328b5d03835045ea4b1881648c122bfb434361888fb3
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F021B475909A8C9FDB55EFA8D8A56EE7FF0FF5A310F0400AFD049E7291DA245841C781
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 551e0b31c4e7b558538cd9b77c74f144c2fd5b946510915a3bf50ecb0c34e8bb
                                                                                                                                                                                                                                                                                                              • Instruction ID: 93c93993c503e12be44d01dd7e9d0ecf314d126e2d5f9929a755f361638215d0
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 551e0b31c4e7b558538cd9b77c74f144c2fd5b946510915a3bf50ecb0c34e8bb
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B318F31E09A4D8FEB94EF68C4956EDBBF1EF5A310F5400BAC149E7192CA386846CB50
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: bfd9375396f676b977ac93ddbe88fd4bfb9ae0480908c5c20c0980a7c190541b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 281703b0d2d26067654e5ff60ba93f3df043ceb3f2d7952eab97d76a8895e070
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bfd9375396f676b977ac93ddbe88fd4bfb9ae0480908c5c20c0980a7c190541b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38119C3371DD590FEBD5913CA4692BA77D1DBDA17531402BBD58DC724ADD188C438381
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: ddb7f6d525a33de78ac6069dd2614fdef6cadbd7d4d8bec66af5d5bc79274a77
                                                                                                                                                                                                                                                                                                              • Instruction ID: c9ea44bb0eef9a6ae8f78775feaaff2142f2b939893e41361e490c27da69037d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ddb7f6d525a33de78ac6069dd2614fdef6cadbd7d4d8bec66af5d5bc79274a77
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61316C71A4852E8FDB94EF18C8A1BE973B1FF59300F5042B9D11DC3281CBB9A981DB81
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 91706099127c1a904441b3a9677f1c9b0051327d0d8826b060816f23da93999e
                                                                                                                                                                                                                                                                                                              • Instruction ID: 96fef9740574ce41c24606b5cf0c6e0efb554e24d35126be3b79c24d89a55936
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 91706099127c1a904441b3a9677f1c9b0051327d0d8826b060816f23da93999e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F721C03288E3C54FD3174B7068625E57F78AF03251F0A01E7D088DB493C52D559AD3A2
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7a8045fab1d660ee41ff2de46dee425982ccaec05af370c19b6ced61000c3cfb
                                                                                                                                                                                                                                                                                                              • Instruction ID: fc7ee92b85232d49d6c4823ab40560faea95cc7084e9918598bc0a7da6f019a1
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a8045fab1d660ee41ff2de46dee425982ccaec05af370c19b6ced61000c3cfb
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C011C433B1ED0A0FAFE8D51C60A56B5B3D2DBE9266714057BD54EC3289DD19DC434380
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 06b58f7b57bd6e1baca396604f7e90ac612b61e97d7d4859b8e93fbbed6339d1
                                                                                                                                                                                                                                                                                                              • Instruction ID: b2b605439438938b8963ccdf5759a5b4197c4e1607c6b6aa936a8e41db80b3af
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 06b58f7b57bd6e1baca396604f7e90ac612b61e97d7d4859b8e93fbbed6339d1
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA112123B2FC090FE6E4846D3CE91B42EC1DBDA215B1500FBEA8CC32B2DD199C419281
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: afc4d20f46f7a8b4cc113ac0e9b7eef441230c9750a36e620ed2db3a59442494
                                                                                                                                                                                                                                                                                                              • Instruction ID: 839734fca7ba8f73136a304b327a976f7dec018987e7ce2a51e4a758aa92f70d
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: afc4d20f46f7a8b4cc113ac0e9b7eef441230c9750a36e620ed2db3a59442494
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8611A363B1FD450FE7D589692CBD1652EC1EFDA61571A00FBE58CC32B3DA199C019382
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: e7e94264635326b7a4da695278932b05a78112e637ab6d1d90728592fd8ea024
                                                                                                                                                                                                                                                                                                              • Instruction ID: ca37f524d27f9995f9736c9c5506416c8320684e5bafc9a6fe09f764d46e73ee
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7e94264635326b7a4da695278932b05a78112e637ab6d1d90728592fd8ea024
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD21363191868D8FDB50EF20D8515EA7BB4FF4A314F0102BAE85CC7192DB38E962CB91
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7e73db974b62013f73bb0879451b12a7c483e505a50f1f6c3bf62c2085a52fa2
                                                                                                                                                                                                                                                                                                              • Instruction ID: 98635a54abd478f631a261d78ac0e098d0d6b2fb8bb966684398fd17825f36b8
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e73db974b62013f73bb0879451b12a7c483e505a50f1f6c3bf62c2085a52fa2
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA115A3150E7C44FD306AB3888699617FF0EF6721570945EFD488CB1B3DA29994AC752
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: c23168e0f3194a640d0364e73e909019f26b2600815bc3dd463e07b5c02b3065
                                                                                                                                                                                                                                                                                                              • Instruction ID: 55d097c60aeb92fa641ca1f5525d974c1e41e609a43f623aa1551d46492ee956
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c23168e0f3194a640d0364e73e909019f26b2600815bc3dd463e07b5c02b3065
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB119171A496698FEB15DB5898E57FDBBB0EF06304F0400BDC149A7282CF7C5909DB51
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5c78384d66ad467478be1ea20e1815d330ad4b7ec2337eeea31561b30586f646
                                                                                                                                                                                                                                                                                                              • Instruction ID: 22f7f62293aa3c13ed73a5f1f65e4fd86f12fe616cd0997f3b20b6aadbfac1d2
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c78384d66ad467478be1ea20e1815d330ad4b7ec2337eeea31561b30586f646
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6411C236E0891D8EDB98EF58D4A47ACBBB1FF9A300F1011BAC11DE7252CA3469819B40
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: a87bd5119b7d68171914bec4f384755017fcae8791a283b95c764d7338cff9ff
                                                                                                                                                                                                                                                                                                              • Instruction ID: c828108b43734f760ae8eb5b92b765f4d7fd1e4cb9b7a9944f128f758b713a62
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a87bd5119b7d68171914bec4f384755017fcae8791a283b95c764d7338cff9ff
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38118231A099494FEBA4DB6CC8A57E9BBB1EF56200F4080E9C04DD7251CE396882CB00
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 321d45ed0ed2ab356390d109bef3129766b8473f82e85e545ecc7e9b7ad95e4e
                                                                                                                                                                                                                                                                                                              • Instruction ID: 12e2968355c4dbaaa9a376c2a27c04f2cb6715b5ac4b15b281351c9bbf01c5fb
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 321d45ed0ed2ab356390d109bef3129766b8473f82e85e545ecc7e9b7ad95e4e
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B016D32B08C4A0FEA94EA5CA89567A77C5EB99350F40027AE90DC3256ED29EC458381
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4904cd0ca10b6818abcdbd76936bbeacfbf5eb404c22705e4a1cc34c89644b1b
                                                                                                                                                                                                                                                                                                              • Instruction ID: 597f444fcc0ce5018e48fdcf689116450de25c5878f71635e0293a2c5e566823
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4904cd0ca10b6818abcdbd76936bbeacfbf5eb404c22705e4a1cc34c89644b1b
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8F012447B0EC560FE2A1AA6C28E92F56F90EFA627170401BBD24CD3193E80C2809A380
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: d025f44ddc8bc88d973582c4952cd3ef35fbb2335b817fce1b342ed4e70a81bc
                                                                                                                                                                                                                                                                                                              • Instruction ID: 79a967c1e264fe598567dacc09f8b2bcb5577f3d03ef2aa6a3053c643b53df24
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d025f44ddc8bc88d973582c4952cd3ef35fbb2335b817fce1b342ed4e70a81bc
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD11A371E1979D8FDB45DF6884A56EDBFF0EF16300F0401AAD485D7152C638A842C791
Memory Dump Source
• Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 9a9ce630da5ce391d42c6565e3fbc2c29dbb6991600573b14f1dddeb68a59d19
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2b4d96de2e7370c36f3e0ef4f854f82b70a2919178b0a3e3b9971f4ca68386c9
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a9ce630da5ce391d42c6565e3fbc2c29dbb6991600573b14f1dddeb68a59d19
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D8F0E243F1ED8B0FE256922C28F51A91BD1DB9612074901B7D548C7387EC0C588243C2
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 2f70c33247b384fbeae449520c1960fa8fe28fd31d4344244935b2db910dc26f
                                                                                                                                                                                                                                                                                                              • Instruction ID: 6fa7b84a33fb68b189b8f67a10613fe18de63b713e76591372c91030ceef817c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f70c33247b384fbeae449520c1960fa8fe28fd31d4344244935b2db910dc26f
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59F0A42260EBCA1FD3569B3894A55A07FE0AF47310B4841F6D548CB293DA1CA8959751
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 89cc758265ec5b1a6f55e1225f19b2bfcbe175a23fc98a661e43690b231b8ded
                                                                                                                                                                                                                                                                                                              • Instruction ID: be9d6be97d3daf84fc86db8501e3cbc603331259804d40562184261bff5b72d3
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 89cc758265ec5b1a6f55e1225f19b2bfcbe175a23fc98a661e43690b231b8ded
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D01F431A0DA8D8FDB59EF24C8A12E97BA1FF56304F0105BAE50CC7282CB79E850D780
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 046fb5d1a02d9c2f0efa566224013a8fd0bc93b8017a3ef3eedc736b603d3488
                                                                                                                                                                                                                                                                                                              • Instruction ID: 4a002214a95ca60c30557cc817c0230a447ca34ea353637d9411e019d8aa8d2c
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 046fb5d1a02d9c2f0efa566224013a8fd0bc93b8017a3ef3eedc736b603d3488
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4F08C32D04A0D8BD7109E65A0403F9F7B4EB4B305F40103AD00CE2180C37A9595CB55
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: ef49f73afe107a7c7799995907074aa85ca19950c0ea0ddbe9015b3063bba8e0
                                                                                                                                                                                                                                                                                                              • Instruction ID: dceeb933ea99ded1a9da52916092110a7fb9a249780bc875dfd93682b0d06f81
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef49f73afe107a7c7799995907074aa85ca19950c0ea0ddbe9015b3063bba8e0
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FFF02221A0DAC94FCB02DB3844666EABFF0DF16210B0401EEC088C7153D83498868740
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7b9e30ba4bba3f15f3bec95ad49b13c90a1e2e4c0bf55f612bcdb4bcad80cfc0
                                                                                                                                                                                                                                                                                                              • Instruction ID: ba44b53b55cb7131b1c6f94c952928a87e7c5525cc5831b34b2f0c1c7c8ebef7
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7b9e30ba4bba3f15f3bec95ad49b13c90a1e2e4c0bf55f612bcdb4bcad80cfc0
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2F0E932A1AE4A4FD395D72C84946E4B7E0FF05310B4501B7D548CB297DE1DF8909740
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 5747725a7efefb9f8123c326f0f989132e245db7dec8119c8645154545def820
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1849bc2eff5d7e0be53cd1a9746aebd1c7818dbcacee28029d0485aeabf5ec6f
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5747725a7efefb9f8123c326f0f989132e245db7dec8119c8645154545def820
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 68F01D32F0892D9EDBA4EE58D8A1AE9B376FB46310F4051B5D00DE3251CE356D418B41
Memory Dump Source
• Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000F.00000002.4758095741.00007FFD343A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD343A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd343a0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: a8b7eeb8b5d64c17d47fadb971ec63b19fb0afc7e8ddd09ae665e914177875fe
                                                                                                                                                                                                                                                                                                              • Instruction ID: 99caa7da7c79cf940e40d48cccfbd156d37ba331a007d4ed16f6d5a3f34a7038
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8b7eeb8b5d64c17d47fadb971ec63b19fb0afc7e8ddd09ae665e914177875fe
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29F06D31E095498FCB08EFA4C8A08EDB7B2FF49310B00416EC416E7390CA3C6506CF40
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: ba76b008417f5cda1b89fa545e681a3bd732c6d6a46d276bb98dde2e017ec0d5
                                                                                                                                                                                                                                                                                                              • Instruction ID: 610244ad509a87ce40d26afeb7a9ab33c7f0b6cb9749fb15d7da4edd672e1920
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ba76b008417f5cda1b89fa545e681a3bd732c6d6a46d276bb98dde2e017ec0d5
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3CE09213B1EEA50FE7269A3C1CE20A87BD1DF47110B0948FED64587286D84D785593C2
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 7bb9371dcb7f9234fbe0ffd7d5188c072a295fbe7e085789befb0d89c22a7a20
                                                                                                                                                                                                                                                                                                              • Instruction ID: 37472edd4e482832f0a852ad512b48dcba7306f549d0a808902f33a0cf0c627e
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7bb9371dcb7f9234fbe0ffd7d5188c072a295fbe7e085789befb0d89c22a7a20
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8DF0A430A1861C8FCBA4DF18C895BE9B3B1BF58300F1041A9E54DD3265DA74AD818F40
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: faf7360c91fcadeaa8db45c70cc14e65213c2de800a6ea1d4cdaaaf08ca82470
                                                                                                                                                                                                                                                                                                              • Instruction ID: 18c8b50df67747f740bba3f4bdfcfcfb8e950a00de6fe56213b348c2f9020452
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: faf7360c91fcadeaa8db45c70cc14e65213c2de800a6ea1d4cdaaaf08ca82470
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13E0E531E0441C8EDB64EBA8D4517ECB7B1FF55205F8000BAD00CE3252CA356981CB00
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: ab15b6a858ddf0ca48b32e84295da30b8847b7a22b82ba07ffada84ad3ebc513
                                                                                                                                                                                                                                                                                                              • Instruction ID: d7fd75e5cd96eab5982d390eca2db444aae516c2f4769410e164474d7faaad9b
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab15b6a858ddf0ca48b32e84295da30b8847b7a22b82ba07ffada84ad3ebc513
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3EE0ED7190DAC85FD702EBB854A64ED7FF09F1B210B1804EAD4C9DB163DA285485CB92
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 812ddf372eaee194b7fba33ad2e9241b2f89bc3a5e0ede775bf62e4be7ea3062
                                                                                                                                                                                                                                                                                                              • Instruction ID: 1c5036189c695b4d5ca7289ce585edc70ca7aac622f76ba7d190d2eec4d5e597
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 812ddf372eaee194b7fba33ad2e9241b2f89bc3a5e0ede775bf62e4be7ea3062
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F6D05E23E2BD5506E7F46A2C04B967E5680DB56744F44043AE909E23C1EC5C3801A291
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 4ca15c0f964105fefb25146a05685f949714035f0f5a614a57496b5bf632e031
                                                                                                                                                                                                                                                                                                              • Instruction ID: 2a7602b22c1c8348dcc73ca4503705b594f97354920dca3aee8122e664261e90
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ca15c0f964105fefb25146a05685f949714035f0f5a614a57496b5bf632e031
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66C09B77D8FC09C6D790DE10D4510F47374AF47204F506475D50DD7451CD19A9247645
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: 230ae52b586fe703f1ec96e14c6f4c0531eb55f64f4d3a96f56e0925acf2c3ed
                                                                                                                                                                                                                                                                                                              • Instruction ID: 7440b4af1a3f2f45bdc35663e1e6d58602dcaed33c0a99353335b008ffa25c78
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 230ae52b586fe703f1ec96e14c6f4c0531eb55f64f4d3a96f56e0925acf2c3ed
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29C08C209249494AD624BF2844810187690FF08240FC001A4E00CD2240D62C90445746
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                              • Opcode ID: ac7a80e335908e885678e0f29f091dcd3dd98a1a8bd91969ec9775f053986558
                                                                                                                                                                                                                                                                                                              • Instruction ID: fed03ef740bb7436865088a10913a23b7d38ae54339cae8521da7e2a6afa5f99
                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac7a80e335908e885678e0f29f091dcd3dd98a1a8bd91969ec9775f053986558
                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80C04C63D089594AABC4DE5C449819967E1FBA5254B040155D008D2155DE2458015740
                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.4755349631.00007FFD34190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34190000, based on PE: false
                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7ffd34190000_AteraAgent.jbxd